Employees often incur expenses on behalf of their employer and then submit expense reports for reimbursement at a later date.  This common business practice is very useful because it allows businesses to operate efficiently without unnecessary delays related to petty cash disbursements.  Unfortunately, expense reports are one area that can allow easy pickings for employee theft.  According to the Association of Certified Fraud Examiners, as reported in their most recent study, approximately 15% of all asset misappropriation cases were related to expense reimbursement schemes.  The median loss for these schemes was $33,000 and the median duration was 24 months before the fraud was detected.

Last winter CNN reported on an employee reimbursement theft at NYU.  The scheme was carried out by collecting discarded liquor store receipts and submitting them for reimbursement.  It wasn’t an elaborate scheme, but just another example of ineffective controls and inadequate review policies.  To minimize the chance something like this from happening at your company, I propose the following:

• Any purchases made on credit cards must include a copy of the credit card statement, the original purchase receipt, and a signature on the receipt of the supervisor responsible for approving the purchase.
• Any purchases made with cash should be subject to a daily, weekly, or monthly limit.
• Purchases should be submitted under predefined categories (office supplies, party supplies, client gifts, etc.) and trends should be reviewed.
• Comparable level employees should have their reports compared with one another to look for outliers.
• Any high level supervisors or executives should have their expense reports reviewed by an outside Certified Fraud Examiner.

While there is no way to “prevent” employee expense reimbursement fraud, there are steps that can be taken to assist in early detection and to let the potential fraudster know that they will get caught quickly.  A Certified Fraud Examiner can work with management to establish a comprehensive fraud program related to internal controls, policies and procedures, and training at all levels.

The trust and optimism of business owners and managers never ceases to amaze me. No matter who I approach regarding fraud deterrence services they will tell me that fraud “doesn’t go on around here,” and “I trust my staff implicitly.”

These are the same people who, once a fraud is uncovered, will say, “I never would have suspected (insert name).” Because the employee is trusted, and therefore above suspicion, they are able to get away with stealing for an average of 18 months before anything is detected. I have not, in 16 years of forensic accounting, met the business owner who says, “You know, I figured they had been stealing from me for the past few years.”

Here is the rub. No one thinks fraud is going on in their organization, but according to the Association of Certified Fraud Examiners in their 2010 Global Fraud Study, fraud costs businesses approximately $2.9 Trillion (Yes! with a “T”) per year throughout the world. The truth is that fraud exists, on some level, at virtually every single business. The only real question is, “How much?”

Businesses should recognize that fraud does exist and owners should decide what’s okay–for example, is it okay for an employee to take home a box of pens from the supply room? Owners should also clearly define what’s unacceptable. For example, it’s okay to drink a can of pop from the fridge at work–but it’s not okay to take home cans of it.

Clearly defining the rules and expectations for everyone helps to create a culture of openness and integrity in the workplace. When employers blindly trust their employees, or are too busy or lazy to clearly define policies, owners inadvertently create an atmosphere that is conducive to fraud.

A Certified Fraud Examiner can help to put positive procedures in place to help create a healthy atmosphere in the workplace. A CFE can objectively review policies, procedures, and controls to reduce the probability of a large-scale fraud going undetected.

When attending the Windy City Summit last week, I had the opportunity to sit in on many of the fraud seminars. Two of the sessions were heavily focused on cyber crimes, including unauthorized intrusion into corporate computers and networks as well as identity theft.

Specifically, there was a significant amount of discussion around hackers getting programs into computers that will log every click and keystroke the user makes. These attempted intrusions are not always caught and can compromise highly sensitive data. Interestingly, the only discussion was related to software attacks through Trojan horses and other similar methods.

One thing that all of the seminars forgot to tell everyone is to look at the connection between their keyboard and their PC. Often times this connection is in the back of the PC or under the desk. So why should you waste your time, maybe even get on the floor under your desk, to do this every day? Well, because of a little device that anyone can buy for around $40 called a “keystroke logger.” Look at these!

A keystroke logger is a small device that is inserted between a keyboard and PC. It will record every single keystroke made by the user without leaving any trace of the recording on the hard drive–and it also won’t trigger any spyware warnings. Later, you just unplug it and its small enough to fit into a pocket. If I was a perpetrator of identity theft or another cyber crime, I would now have an abundance of information about your computer use, passwords, and personal information.

None of the presenters I spoke with at the Windy City Summit had ever even heard of a keystroke logger! I know because I’ve met victims of this type of attack. Keystroke loggers are fast, cheap, and leave no trace. Do you work in an office environment where this type of attack could take place? Take five seconds and look at your keyboard connection every time you sit down at your computer–and maybe even consider getting down to look underneath that desk. Swiffer, anyone?

I noticed that treasury professionals are taking a more visible role in the purchasing of insurance, setting business interruption values at risk, and settling property and business interruption insurance claims. I’m not sure if this is due to the impact on treasury and cash during these economic times, if it is a function of eliminating positions, and consolidating duties, or if it is a shift in corporate philosophies.

Regardless, I figured that I had better learn more about treasury professionals and what interests them. I searched the web and found that the Treasury Management Association of Chicago (TMAC) was hosting the 24th annual Windy City Summit May 19-21. The Windy City Summit is a two and a half day meeting with many educational seminars and a whole track in insurance. I decided that I should attend this as an educational experience to see what insurance topics interest treasurers. The answer …… NONE! The insurance seminars were poorly attended.

So, what was packed? Anything to do with fraud! It didn’t matter if it was check fraud, employee theft, inventory disappearance, cyber fraud, or identity theft. Fraud is a hot topic and something that most internal financial professionals do not have the education, training, and experience to address. To find such an interest in fraud was personally satisfying, because this is a drum I have been beating for years. Employee theft is one of the most likely losses for a company to experience. The average fraud is over $200,000 and goes undetected for two years. 25% of all frauds are for more than $1,000,000. The time to tighten controls and implement a comprehensive fraud deterrence plan is BEFORE the big one occurs.

I hate to read articles like Businesses are Prey to Embezzlement from the Atlanta Journal Constitution. I hate it because the events that unfold in this article lead to a result that is unnecessary and make me sound like a broken record. I understand that business owners are reluctant to spend a few thousand dollars up front to beef up their internal controls. But it sure does seem silly to allow a business and lives to be ruined as a result of a fraud that could have easily been prevented.

In the case of this article, the words “beef up” aren’t even right.  The company in the article had 28 employees. 28! Not everyone has to have an accounting degree. Somewhere in those 28 were people who could have:

• Opened the mail to look for late notices from vendors
• List the incoming checks
• Verified checks received to daily deposits
• Reconciled the checking account

I know I sound like a broken record folks, but a lot of these scams can be prevented or caught at an earlier stage. If the above steps were segregated, that would have immediately limited the opportunity of the bookkeeper to perform certain types of fraud without detection.

In addition, if the bookkeeper knew that a Certified Fraud Examiner regularly reviewed random accounts and transactions, they might just decide to either stay honest or move to an easier target. I am delighted to help businesses after a theft occurs but I much prefer to help businesses take steps to minimize the chance of fraud occurring in the first place.

When you’re a business owner, your business partner can be your best friend or your worst nightmare. Your business partners are the people you should be able to trust the most, because they are the individuals who stand to lose or gain the most if the business fails or succeeds, right?  So why would an owner steal from his own business?  For the same reasons anyone steals from a business!  Business owners who steal from their partners have a real or perceived, unsharable need; they have the opportunity; and they are able to rationalize their actions.

When you compare employee theft to business owner theft, there are several key differences that lead to increased opportunity for the fraudulent partner, including:

• Partners may have little or no supervision.
• Partners may be able to easily hide their actions because of their position.
• Partners have the authority to transact business on behalf of the company.

One of the most common schemes I’ve seen is partners abusing their expense accounts.  Fraudulent partners run personal expenses such as car payments, club memberships, vacations, and other non-business entertainment through their expense accounts and–get this–no one is in charge of reviewing their expense reports.  If a fraudulent person does this in a firm with five partners, the other partners are picking up 80% of the tab.

The possibility of this type of activity can be reduced by using a Certified Fraud Examiner to review partner expense reports.  Using a Certified Fraud Examiner to make periodic reviews of partner expense reports is a logical choice for the following reasons:

• An internal staff person may fear retaliation and therefore be reluctant to voice concerns over partner expense reports.
• Partners don’t want a staff person to know the details of partner spending.
• A partner expense review should not be done by the same outside accounting firm that prepares the tax and audit duties for the business, because that firm may fear losing the tax/audit/consulting work by angering a partner.
• Partners don’t want to feel like they have to babysit one another–they’re busy building a business.

The trained eye of a Certified Fraud Examiner can help to alleviate these concerns and help business partners to build trust while growing their business.

Criminologist Donald R. Cressey identified three traits that are commonly present when people perpetrate fraud. Cressey created an hypothesis known as the ‘fraud triangle.’ The three sides of the fraud triangle are:

1. Rationalization – Since the majority of individuals who commit serious occupation fraud are not career criminals, they feel a strong need to justify their actions.
2. Opportunity – Access to company assets and a lack of internal controls that will prevent immediate detection of the fraud.
3. Pressure – This is a financial need (real or perceived) that the individual cannot share with others due to potential shame or loss of social status.

When these three sides of the triangle are present, there is a much higher than normal chance of an individual committing a fraud. In this post, I want to write more about one of the three sides of the fraud triangle, opportunity.  Opportunity exists when an individual has access to assets and the ability to misappropriate them with little chance of being immediately detected.

There are two sets of conditions which often exist simultaneously to create opportunity for fraudsters. The first condition is that of the “trusted employee.”  I have never worked on a fraud case when, after the fraud is detected, an owner says, “Yep.  I figured they had been stealing from me for the past three or four years.”  Never happens.  The owner or manager is always dumbfounded to learn that the culprit who has been committing fraud is one of the most trusted, if not beloved, employees.  This type of blind trust, with little or no oversight, creates big opportunities.

The second set of conditions is created by the current business climate. In the current economy, people are often asked to do more work, as their coworkers are laid off.  In some cases, this reduction in workforce causes previous safeguards to be eliminated.  There is less segregation of duties and no new mechanisms are put in place to offset the loss of personnel.  This loss of internal controls creates opportunity for frauds to be committed more easily and to increase the time before they are uncovered.

All business owners want to trust their employees, especially those who handle the money and assets of the company.  However, business managers would be well served to follow the quote often used by President Ronald Regan, “Trust but verify.”  Trust is good, blind trust is bad.  Managers should regularly work with an expert in fraud deterrence to review policies and procedures to make sure they are updated to reflect current staffing capabilities.

Criminologist Donald R. Cressey identified three traits that are commonly present when people perpetrate fraud. Cressey created an hypothesis known as the ‘fraud triangle.’ The three sides of the fraud triangle are:

1. Rationalization – Since the majority of individuals who commit serious occupation fraud are not career criminals, they feel a strong need to justify their actions.
2. Opportunity – Access to company assets and a lack of internal controls that will prevent immediate detection of the fraud.
3. Pressure – This is a financial need (real or perceived) that the individual cannot share with others due to potential shame or loss of social status.

When these three sides of the triangle are present, there is a much higher than normal chance of an individual committing a fraud.

In this post, I want to write more about one of the three sides of the fraud triangle, rationalization. Rationalization is the process of justifying actions that the individual knows to be wrong.  In the case of employee theft, most perpetrators are not habitual offenders. They are not career criminals.  They have a strong internal need to justify their actions.

I have seen two common rationalizations. The first is, “I was only borrowing the money.”  A person who uses this rationalization has convinced himself that this is a temporary situation and that, as soon as their finances turn around, they will repay the money in full. They haven’t “stolen” anything.  This was simply an unauthorized “loan.”

The second rationalization is that the money is owed to the fraudster. In the current economy, people are often asked to do more work, as their coworkers are laid off, and there is also no money for raises or bonuses. In some cases, workers are actually forced to take less just to keep their job. The employee feels they are being treated unfairly and they are simply helping themselves to something that is truly owed to them.

When these situations are combined with the financial hardships many families are facing, it is a recipe for disaster. This is why it is critical for employers to do things to maintain a positive atmosphere. It is much harder for happy and satisfied employees to rationalize theft from their employer.  Business owners should review the current satisfaction level of employees, pay heed to their complaints, and address them if appropriate. This is one area of business where is doesn’t pay to be penny wise and pound foolish.

Join me when I appear as a guest on the radio talk show, Work Does Matter with host Denise Rubin.  The topic is, “Why Should I Care if Someone’s Ripping Off the Boss?”   Because I’m a Certified Fraud Examiner, I’ll be the expert discussing fraud in the work place, which happens WAY more than anyone wants to admit.

For example, did you know that the average value of fraud to a small business (a business of less than 100 employees) is $200,000?  Or that 25% of all frauds are for over $1,000,000?

The show airs Friday, January 29th, from 1-2 pm PST.  You can listen live on the KKNW 1150 AM website.  Tune in for tales of intrigue and deceit…because fraud happens closer than you may think.

Give to charities that have an established system of internal controls in place, like the American Red Cross.

It makes me proud to be an American when I see the generosity of my friends and neighbors, who like millions of other Americans have stepped up their charitable giving in an effort to ease the pain of the victims of the devastating earthquake in Haiti.

Like many others, I want to ensure that the charitable dollars that I give will do the most good…so in a time of crisis, how do you know which charity to support?  Because I am a Certified Fraud Examiner, I can tell you that there is no way to avoid fraud completely.  There is always a chance that an individual may commit fraud, even at a respected charity. However, that worry does not preclude us, as a society, from our moral obligation to help others in a time of need.

When I give, I seek out charities that seem to have strong internal controls in place.  I look for organizations that specialize in charitable works, rather than contributing to smaller groups that seem to “dabble.”  I also look for charities that have low administrative costs.  Websites like Charity Navigator can help you make the right decision for your charitable giving.

What to Avoid

Because there are so many people in this country who are profoundly and emotionally moved by the pictures they see on TV, and willing to give their money to help this painful situation, fraud and scams related to the earthquake in Haiti are running rampant. To combat these scammers, the FBI has issued the following list of guidelines:

If you have the means, please give generously in times of disaster and economic hardship. If you decide to donate to a smaller organization, take the time to research it. When in doubt, in my opinion, the American Red Cross is a worthy place to donate for emergency response situations such as the earthquake in Haiti.

Which organizations do you support?  Leave a comment below.