BY PAMELA WICKES CPA, CFE
Nov. 16-22 is International Fraud Awareness
Week and hundreds of businesses, agencies
and other entities around the globe will help
shine on the opportunities that regularly arise
within businesses that can lead to employee
embezzlement in hopes to prevent future fraud
or uncover existing acts of deception.
As a certified fraud examiner, I wanted to
share a couple of stories that demonstrate
some unfortunate instances of fraud, and shed
light on how they could have been avoided.
The fraud triangle is a model for explaining
the factors that cause someone to commit
fraud within a company. It consists of three
components which, together, lead to fraudulent
behavior: motivation/pressure, opportunity,
and rationalization. Famed criminologist
Donald Cressey came up with this hypothesis
to explain why people commit fraud.
It may be difficult for management to
do anything about an employee’s needs or
rationalizations. Business owners have the
most control over the perceived opportunity.
The opportunity to commit fraud is possible
when employees have access to assets and
information that allows them to both commit
and conceal fraud.
Small businesses are particularly vulnerable
because they often lack the resources
of larger organizations. The most common
downfall for small businesses is the lack of
segregation of duties due to limited number
of employees.
Segregation of duties is a basic building
block of internal controls for an organization.
The goal is to disperse functions of an accounting
process to more than one person. An
example of the segregation of duties would be:
a company’s requirement that bank statements
are mailed to the owner’s personal residence,
and that the bank account statement must
be reconciled to the accounting records by
someone other than the person writing the
checks and someone other than a person
recording the amounts in the company’s accounting
records. Segregating duties creates
checks and balances.
Recently, I led an investigation that revealed
a controller had the opportunity to
employ multiple schemes to extract money
from a company for the controller’s personal
benefit. The controller prepared the payroll
reports and determined the amount of direct
deposits to employees’ accounts.
The amounts of the transfer from the company’s
bank account exceeded the amount necessary
for the direct deposits, which revealed
that the controller was directing the company’s
money to cover child support obligations. The
controller recorded the transaction in a “clearing
account” in the general ledger and was
responsible for reconciling the bank accounts.
The controller also paid personal IRS settlement
obligations out of the company’s checking
account. Apparently, while the controller
was not authorized to sign company checks,
there was a signature stamp at the office. The
controller recorded these transactions against
the owner’s loan account in the accounting
records. Again, the controller was responsible
for reconciling the bank accounts and there
was no segregation of duties in this regard.
In my opinion, the most deceitful of the
controller’s actions was the alteration and
falsification of the company’s financial records
provided to and relied upon by the owner and
third parties. The controller did not include
certain significant liabilities and understated
bank debt in the financial reports prepared.
This was harder to identify than the cash
transactions because it required analysis of
original books and records in comparison to
those issued to third parties. A red flag was the
fact that all the financial reports produced by
the controller were generated in Excel rather
than printed directly from the sophisticated
accounting program the company used.
In another matter, a union business office
manager, who was responsible for preparing
the payroll, gave himself an unauthorized
raise. Unfortunately, this came to light shortly
after I had warned of that risk during an internal
controls evaluation. In this situation,
there was not enough oversight with regard
to the duties performed by the business office
manager.
In another investigation I led, an accounting
clerk sent bills to customers, but deleted
certain ones from the accounting records before
they were posted as revenue and accounts
receivable. When the customer paid the bill
that was no longer reflected in the accounting
records, the clerk applied the payment to the
clerk’s and the clerk’s family’s accounts.
In some instances, the bill was not deleted
from the system, but instead the clerk
“adjusted” the customer’s account balance
to reflect a lower balance, as if the payment
had been appropriately applied. The lack of
segregation of duties related to the revenue
and collection cycle provided opportunity for
this fraud scheme.
Each of those examples occurred in organizations
that had ample number of employees
to segregate functions appropriately. However,
many small businesses that don’t have enough
employees to segregate duties can still protect
themselves by employing some or all of the
following:
• Mail the bank statements to the owner’s
home for an overview of the transactions and
parties on the cancelled checks.
• Have an outside accountant perform the
bank reconciliations, particularly when there
is only one employee performing accounting
duties at the company.
• Perform surprise audits of the cash
account(s) on occasion.
• Implement a manner to receive tips, which
is the most frequent method of fraud detection.
Wickes is director of forensic accounting,
Teal, Becker & Chiaramonte CPAs, PC.
Photo Courtesy Teal, Becker & Chiaramonte