© AGH Employer Solutions 2015
THIEVES WITHIN PREVENTING FRAUD IN SMALL AND MEDIUM-SIZED ORGANIZATIONS
Cindy McSwain Vice President, Outsourcing Services
© AGH Employer Solutions 2015
Introduction:
Fraud & Embezzlement 01
Table of Contents
Fraud & Embezzlement -
Management Review 02 "Controlling" Fraud Risk
in Your Organization 03
Segregation of Duties Can
Mitigate Fraud Risk
04 Most Common Employee Theft -
Cash is King
05 8 Red Flags of
Fraud & Embezzlement
06
© AGH Employer Solutions 2015
Introduction
Why it’s important and what
I’ve seen
Fraud & Embezzlement
© AGH Employer Solutions 2015 4
Did You Know
In my 20+ years as an accountant and
consultant, I have seen organizations
affected by fraud over and over.
In its Report to the Nations on Occupational Fraud and
Abuse, the Association of Certified Fraud Examiners
(ACFE) reported the following:
The typical organization lost 5% of its annual revenue to
fraud.
The median loss due to fraud was $145,000.
Frauds lasted a median of 18 months before being
detected.
Small organizations are disproportionately victimized by
occupational fraud due to lack of anti-fraud controls
compared to their larger counterparts.
Introduction: Fraud & Embezzlement
section 01
5% of annual revenue is typically lost to fraud.
© AGH Employer Solutions 2015 5
What I’ve Seen
The stats previously mentioned do not surprise me. I've seen
very simple fraud schemes as well as well-designed, complex
and intricate schemes:
Theft of cash on hand or cash receipts (from simply taking
it directly out of the cash register to complicated kiting
schemes)
Theft of inventory or supplies
Fraudulent or inappropriate disbursements (fake
employees, fake vendors, paying for personal expenses)
Misreported financial statements (higher bottom line
meant a bigger bonus)
Corruption (bribery, insider trading, money laundering and
more)
In small and medium enterprises, fraud and embezzlement
often involves a trusted employee (worse yet, a trusted
personal friend of the owner) – males and females alike.
It can involve inventory or supplies, but often involves cold,
hard, cash. Often, the perpetrator actually thinks he or she is
deserving or “owed” what was taken.
Introduction: Fraud & Embezzlement
In small and medium enterprises, fraud and
embezzlement often involves a trusted employee.
section 01
© AGH Employer Solutions 2015 6
Fraud & Embezzlement
Fraud increases when the three factors within
the "fraud triangle*" intersect:
1. Pressure / Motivation / Incentive -- Employees and their
families experiencing layoffs or salary cuts face financial
pressure; managers may feel pressure to show positive
financial results.
2. Opportunity -- Fraud opportunity can increase when layoffs
leave fewer employees responsible for internal controls.
3. Rationalization -- Rationalization may occur if fewer
employees working more hours feel poorly compensated or
resentful and justified in committing fraud.
Introduction: Fraud & Embezzlement
Opportunity
section 01
*ACFE and Donald R. Cressey, Other People’s Money
© AGH Employer Solutions 2015 7
Pay Attention
Owners and key management should pay attention to the
actions of their employees.
The ACFE's report noted the most common behavioral red flags displayed by fraud
perpetrators were:
Living beyond their means,
Exhibiting control issues (unwillingness to share duties), or
Experiencing financial difficulties
Introduction: Fraud & Embezzlement
section 01
© AGH Employer Solutions 2015 8
Review, Monitor and Evaluate Internal Controls
To reduce your risk of loss from fraud, it's important that
internal controls be periodically reviewed, monitored and
evaluated by management. Given the current, higher level of
fraud risk, every organization has a compelling need to study
the adequacy and effectiveness of its internal controls. Future
slides will include brief overviews of some factors for you to
consider in that process. You may already be implementing
some or all of these precautions, and some of you may be
going far beyond them – I hope you are. If not, this
information can serve as “food for thought” in an area critical
to every organization’s financial health.
General recommendations include:
Annual management review
Internal controls
Introduction: Fraud & Embezzlement
section 01
© AGH Employer Solutions 2015 10
Why Fraud Happens
The Association of Certified Fraud
Examiners (ACFE) Report to the Nation
identified lack of management
review and lack of internal controls as the
most often-cited factors that allowed fraud
to occur. While no silver bullet can prevent
fraud altogether, each of the preventive
steps outlined in this section may help
reduce an organization’s risk.
Fraud & Embezzlement – Management Review
section 02
© AGH Employer Solutions 2015 11
Annual Management Review
Owners and key management, including the chief financial officer,
should review and discuss internal controls annually, including but
not limited to the following items:
Assets most susceptible to fraud, theft or loss
Areas where controls may be weaker because the number of personnel involved
does not allow the desirable separation of duties
Changes in the staff structure that may have altered the effectiveness of historical
controls
Methods for raising employees’ awareness of ethics and fraud
A way for employees to communicate instances of possible fraud or misconduct
Fraud & Embezzlement – Management Review
section 02
© AGH Employer Solutions 2015 12
Management’s Responsibility
Management is responsible for
designing and implementing systems
and procedures to prevent and detect
of fraud and, along with the owners
and/or board of directors, for ensuring
a culture and environment that
promotes honesty and ethical
behavior.
For not-for-profit organizations, a
portion of this responsibility rests with
the board of directors. Many
professionals serve on not-for-profit
boards in support of their
communities.
If you participate in a not-for-profit
board, ask yourself, “When is the last
time my board reviewed the
organization's internal controls?”
Unfortunately, fraud happens within
the walls of not-for-profit
organizations, too.
Fraud & Embezzlement – Management Review
section 02
© AGH Employer Solutions 2015
“Controlling” the Risk
What you can do as a
business manager and/or
owner
Fraud & Embezzlement
© AGH Employer Solutions 2015 14
Internal Controls
The term "internal controls" refers to
actions designed to minimize the potential
of material misstatement, fraud or other
financial misconduct or error.
They typically fall into these two broad categories:
Management approach
Financial policies and processes
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
section 03
The ethical tone of an
organization is set at the top.
© AGH Employer Solutions 2015 15
Management Approach
The ethical tone of an organization is
set at the top. Fraud risk is lowered by
creating a culture in which
expectations are clear, workplace
misconduct is not tolerated, and
ethical behavior is the norm. To create
such a culture, management may
want to consider actions such as:
1. Creating, disseminating and training
on an organizational “code of
conduct”
2. Incorporating ethical standards in
performance evaluations
3. Encouraging two-way
communication about ethical issues
through:
Discussion of ethics in leadership
presentations and employee
communications
Implementation of a confidential
employee communication channel
that allows employees to
anonymously report workplace
misconduct or offer suggestions
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
This last suggestion – an employee
hotline – is one of the most effective
anti-fraud tools an organization can
adopt.
The ACFE reports that fraud is more
likely to be detected by tips than any
other means, including audits or
controls. Our company utilizes
OurWorkplace for our internal
communication and reporting tool as
well as for many of our clients.
section 03
© AGH Employer Solutions 2015 16
Effective Fraud Hotlines
The ACFE’s studies show that
employees are by far the most
important source of fraud tips; nearly
50% of fraud tips come from inside an
organization.
However, it is important to encourage
reporting from a broader audience,
including customers, vendors and
owners/shareholders who may
suspect fraud.
Any hotline is only as effective as its
implementation, though. To get the
most value from a fraud hotline,
consider these factors:
24/7 availability: Studies show
nearly 40% of calls occur on nights
or weekends – not during regular
work hours. If an employees tries
once with no answer, the employer
may lose the change to learn of
fraud.
Anonymity: Despite whistle-blower
laws, many employees may be
reluctant to report suspicious
activity for fear of retaliation. Those
reporting must be assured of
confidentiality, since fraud can
occur at any level.
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
Third-party operation: The hotline
should be managed by someone
outside the organization trained to
appropriately screen, inquire,
document and share the relevant
information with the organization.
section 03
50% of fraud tips come
from inside an
organization.
© AGH Employer Solutions 2015 17
Financial Policies & Processes
To properly segregate
duties, a business needs
to split financial
responsibilities among
three different employees:
Someone to authorize transactions,
Someone to record transactions
and
Someone to keep custody of the
related assets
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
If sufficient staff is not available, an accountant or third party can provide
some, but not all, checks and balances. Additionally, other compensating
control methods can be implemented, such as after-the-fact transaction
reviews by managers.
section 03
© AGH Employer Solutions 2015
Best Practices
Mitigate fraud risk with the
right responsibilities and
procedures
Fraud & Embezzlement
© AGH Employer Solutions 2015 19
Segregation of Controls
Segregation of controls generally fall into six broad areas:
Segregation of responsibilities and access to information
Appropriate authorization of transactions and activities
Documentation and reporting
Checks and balances
Physical safeguards over assets
Job rotations and mandatory vacations
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
section 04
© AGH Employer Solutions 2015 20
Segregation of Controls
1. Segregation of Responsibilities and
Access to Information
Avoid placing too much trust and
responsibility in any one person. For
example, an organization should
separate responsibility for check-
writing from bank-statement review
and reconciliation. Similarly, the
person who receives cash should not
be the same person who handles
bank deposits.
2. Appropriate Authorization of
Transactions and Activities
Consider using authorizations as a
check and balance on expenses and
payments. For example, progressively
higher levels of approval could be
required as an expense’s dollar
amount increases past set limits.
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
3. Documentation and Reporting
Maintain invoices, bank statements,
inventory records, and other
documents that tie into and serve as
back-up for the organization’s
financial records. Expect and review
monthly financials in a timely manner
for unusual or unexpected results.
section 04
© AGH Employer Solutions 2015 21
Segregation of Controls
4. Checks and Balances
Financial statement audits by an
external independent auditor are the
most common way to verify that an
organization’s financial statements
materially represent the current
financial status. However, internal
audits may be conducted by staff
removed from the financial
transactions being audited, or periodic
“surprise audits” can be conducted to
evaluate controls within various parts
of the organization.
5. Physical Safeguards Over Assets
Physical security over assets such as
cash drawers, inventory and supplies
reduces the ability for employees to
help themselves.
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
6. Job Rotations and Mandatory
Vacations
Having someone else take over a co-
worker's responsibilities, if only for a
week of vacation, may be just enough
deterrent to avoid fraud. It is also a
good means of uncovering unusual
activity which may be an indicator of
fraud.
section 04
© AGH Employer Solutions 2015 22
Policies to Consider Implementing
Consider implementing the
following policies to improve
the segregation of duties
without impairing efficiency:
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
Mail and Cash Receipts
Mail should be opened by an employee not responsible for accounting records. This
person should prepare a listing in triplicate of all cash receipts. Copies of the cash
receipt listing should be:
Distributed to the accounting department for posting
Distributed to the controller for comparison to the authenticated deposit slip
returned from the bank, and
Retained by the preparer
Check Endorsements
Restrictively endorse the checks "for deposit only in account XXXXXXXX.”
Daily Deposits
Cash receipts should be deposited, intact, daily. Holding receipts for a weekly deposit
exposes the company to loss.
section 04
© AGH Employer Solutions 2015 23
Policies to Consider Implementing
Consider implementing the
following policies to improve
the segregation of duties
without impairing efficiency:
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
Bank Statements
Bank statements, canceled checks and appropriate advices should be initially
received and opened by a responsible person other than employees maintaining cash
records. Such items should be reviewed before they are forwarded to the employee(s)
responsible for the bank account reconciliations. Unusual items noted during the
review should be investigated promptly.
Signed Checks
Signed checks should not be returned to the employee(s) responsible for the
accounts payable processing and/or cash disbursing functions. Checks should be
prepared for mailing and mailed by an employee independent of the above-
mentioned functions.
Accounting Journal Entries
Journal entries should be approved by an employee other than the preparer of the
entry.
section 04
© AGH Employer Solutions 2015 24
But What About Small Businesses?
Often, in small businesses, there just
aren’t enough personnel available to
properly segregate duties. In these cases,
the supervision and periodic review
procedures currently in place help mitigate
the lack of proper segregation of duties
and should be continued. Evaluate use of
the following procedures which could
be performed by closely held business
owners to further compensate for known
weaknesses attributable to an inadequate
segregation of duties:
Fraud & Embezzlement – “Controlling” Fraud Risk in Your Organization
Receive all bank statements unopened and review their contents.
Have bank statements reconciled immediately.
Review bank reconciliations carefully.
Review monthly aging of accounts receivable and payable.
Review and approve all write-offs of accounts receivable and credit
memorandums.
Review supporting documentation for all disbursements in excess of
predetermined amounts.
Sign all checks for amounts in excess of predetermined amounts and control
access to signature plates.
Approve and monitor changes to payroll.
Review monthly financial statements and question variances.
Have a questioning attitude. Don’t accept answers that don’t make sense;
investigate or question further.
section 04
© AGH Employer Solutions 2015 26
Overview
One particular type of asset deserves special
attention as the most common fraud target.
The Association of Certified Fraud
Examiners (ACFE) reports that 90% of all fraud
involves asset misappropriation. Within that
category, 85% involved the theft or misuse of cash,
including paper and electronic forms as well as
actual currency and coins. It is the number one
asset at risk in any business (as opposed to non-
cash assets such as inventory or equipment).
Most Common Employee Theft – Cash is King
section 05
© AGH Employer Solutions 2015 27
Cash Management
The most common ways middle-market businesses are
victimized is through check-tampering, expense
reimbursement, cash larceny, payroll and skimming receipts.
As laser printers and blank check stocks have become easily
available, almost anyone can alter or counterfeit checks – and
due to changes in the Uniform Commercial Code (UCC) in the
1990s, banks may not be liable when check fraud occurs.
Under the UCC standards of “ordinary care,” banks are
considered less liable if the customer does not take necessary
precautions to prevent the fraud.
What steps can you take, if they are not already employed, to
protect your company against check fraud losses?
Most Common Employee Theft – Cash is King
section 05
© AGH Employer Solutions 2015 28
Cash Management
1. Positive Pay
Consider using “positive pay” and ACH (automated clearing
house) “filter” services provided by your bank. A number of
fraud prevention tools are now available through many banks.
2. Blank Check Stock
Keep blank check stocks, returned checks, and check copies
locked up. If you utilize pre-numbered check stock, make sure
you have a method for accounting for all check numbers.
3. Check Stock Security Features
Evaluate use of a check stock with security features such as
watermarks, backgrounds with multiple patterns or colors,
special ink that can be read under ultraviolet light and use of
“void” marks (which display the word “void” when the check is
photocopied).
Most Common Employee Theft – Cash is King
A number of fraud prevention tools are now
available through many banks.
section 05
© AGH Employer Solutions 2015 29
Cash Management
4. Bank Account Reconciliations
Reconcile the bank statement promptly. Bank statements,
canceled checks and appropriate advices should be initially
received and opened by a responsible person other than
employees maintaining cash records. Such items should be
reviewed before they are forwarded to the employee(s)
responsible for the bank account reconciliations. Unusual
items noted during the review should be investigated
promptly.
5. Direct Deposit
Evaluate the value of encouraging direct deposit for payroll.
This greatly reduces the number of company checks floating
around.
6. Talk to Your Bank
You may want to consider meeting with your bank to discuss
steps you can take to help prevent check fraud. Bank
representatives will be able to explain the services they offer,
and additional tips for preventing fraud. Your due diligence
may help strengthen your ability to document “necessary
precautions.”
Most Common Employee Theft – Cash is King
Consider meeting with your bank to discuss
steps you can take to help prevent check fraud.
section 05
© AGH Employer Solutions 2015
The Red Flags of Fraud
Identify certain instances of
potential fraud
Fraud & Embezzlement
© AGH Employer Solutions 2015 31
The Fraud Triangle Revisited
Fraud increases when the three factors within
the "fraud triangle" intersect:
1. Pressure / Motivation / Incentive -- Employees and their
families experiencing layoffs or salary cuts face financial
pressure; managers may feel pressure to show positive
financial results.
2. Opportunity -- Fraud opportunity can increase when layoffs
leave fewer employees responsible for internal controls.
3. Rationalization -- Rationalization may occur if fewer
employees working more hours feel poorly compensated or
resentful and justified in committing fraud.
8 Red Flags of Fraud & Embezzlement
Opportunity
section 06
© AGH Employer Solutions 2015 32
What are Red Flags to Watch For?
In general, owners and key management
should pay attention to the actions of their
employees. Although "red flags" do not
automatically indicate fraud has occurred,
follow-up is critical.
Here are some examples of red flags that
merit further review:
8 Red Flags of Fraud & Embezzlement
section 06
© AGH Employer Solutions 2015 33
The Red Flags
Red Flag #1 -- Inability to Reconcile Accounts on a Regular
Basis
Significant balance sheet accounts should be reconciled on a
regular basis (monthly or quarterly). This includes, but isn't
limited to, cash, accounts receivable, inventory and accounts
payable. Your level of concern should increase if you hear
continuous excuses from an employee repeatedly “too busy”
to get it done.
Red Flag #2 - Unexplained Variances
An employee trying to cover up fraudulent activity may
attempt to bury it in various general ledger accounts. All
variances should be explainable. Be on the lookout for
account reconciliations with unexplained line items or the
label of "other."
Red Flag #3 - Large Number of "Adjustments"
Don't be afraid to periodically look at the general ledger detail
for significant accounts. Inquire about large quantities of or
significant dollar amounts of "adjustments." Crafty fraudsters
are good at lying to create a complex and confusing trail.
Red Flag #4 - Unusual Discrepancies Between Actual and
Budgeted Results
Budgets are a great tool for any organization. They serve as a
measuring stick for how the organization is performing. Any
variances between actual results and the budget should be
logically explained (for example, a major budget overrun in
supplies expense).
8 Red Flags of Fraud & Embezzlement
section 06
© AGH Employer Solutions 2015 34
The Red Flags
Red Flag #5 - Disbursements to Unknown or Unapproved
Vendors or Employees
Periodically review your vendor and employee list. One way to
get cash out of the organization and into the hands of a
fraudster is by paying fake vendors or employees. I've even
seen fraudsters add an outside friend or family member to
the vendor or employee list. The checks are electronically
signed and out the door without anyone knowing they weren't
legitimate.
Red Flag #6 - Gaps in Receipt or Check Numbers
It is important to require pre-numbered cash receipt forms
and to use numerically sequenced checks. It is also important
to account for every number. Missing receipts or checks could
mean an employee just pocketed the cash received for
writing checks outside of the system.
Red Flag #7 - Receipts not Matching Deposits / Always
Reporting "Cash Short"
Each deposit should be verified to match the amount
received to the amount deposited and to the amount
recorded in the general ledger. One employee should never
perform all three of these steps. Additionally, be cautious if
you are consistently seeing cash shortages.
Red Flag #8 - Significant Changes in Employee Behavior
Patterns
One phrase I commonly hear is: “The first place to look for
possible fraud is in the parking lot." What does that mean? Is
an employee obviously living beyond his or her means? Is
someone suddenly driving a shiny new Corvette that typically
could not be afforded on his or her salary?
8 Red Flags of Fraud & Embezzlement
section 06
© AGH Employer Solutions 2015 35
Be on the Lookout
Pay attention to the action of employees –
especially actions that don't make sense.
Additionally, be aware of employees that may
be experiencing personal financial difficulties.
8 Red Flags of Fraud & Embezzlement
Do your employees' spending habits make sense in relation to
their pay scale?
Do you have an employee who always makes an excuse for not
being able to take vacation time?
Do you have an employee who refuses to let anyone help with his
or her work?
Do you have an employee who is always making excuses?
These are just a few of the red flags to look for. My best advice is to
pay attention to what is going on.
section 06
© AGH Employer Solutions 2015 36
Contact us To contact Cindy or AGH Employer Solutions:
Twitter:
@AGHCindy
LinkedIn:
Cindy McSwain
Twitter:
@AGHLC
LinkedIn:
AGH Employer Solutions
SlideShare:
AGHLC
If you want to
contact Cindy:
www.aghemployersolutions.com
316.267.7231
YouTube:
AGHLC
© AGH Employer Solutions 2015 37
About the author:
Cindy McSwain leads AGH’s outsourcing
services group. Her team provides
payroll, accounting, funds disbursement,
controller, and other financial
outsourcing services to numerous clients
throughout the U.S. Prior to directing the
outsourcing group, McSwain served
AGH’s audit clients for 10 years, working
with a wide range of middle-market,
closely held and family-owned clients.
Her current clients cross many industry
sectors, including manufacturing,
distribution, restaurants, retailers,
medical and not-for-profit. She has
participated in numerous SEC filings,
public registrations and has experience
in mergers and acquisitions. McSwain is
a certified public accountant and a
member of both the American Institute
of Certified Public Accountants and the
Kansas Society of Certified Public
Accountants.