Fraud committed by employees on their employers has been increasingly in the news. And not only fraud by ordinary employees. It is also very common for fraud to be committed by one business partner or director on fellow partners or directors.
Scarcely a week goes by without news of some spectacular fraud at high levels in the big end of town. This may not seem to be relevant to the CEO of a small to mid-sized company, but in fact employee fraud is just as likely to occur in smaller companies.
Surveys indicate that about 50% of companies across the board experience significant employee fraud over a period of several years. The gross amounts lost by a small company may not be as much as that lost by a large company, but those losses can be just as devastating in terms of reduced profitability, cash flow difficulties, loss of reputation and staff demoralisation.
Employees can defraud a company by stealing physical assets (products, supplies, raw materials), stealing money (cash, cheques, payments via false documentation), corruption (taking bribes to favor a particular supplier etc) or falsifying financial statements.
Successful frauds often run undetected for several years because the fraudster has figured out how to “close the loop” and cover up the losses. For example, an employee with the authority to approve vendor payments sets up a company which does no work but invoices their employer for services (unlike supplies, receipt of services is hard to verify). The employee then approves payment of these invoices. When the books are examined all seems in order.
The best approach is not to assume that you will always be able to spot a fraud when it is underway, but rather to take steps to reduce the risk of fraud. While a full fraud risk reduction exercise requires the help of external experts, there are some basic steps you can take yourself which will materially reduce your risk.
There are two basic improvements you need to make: to ensure that your company’s systems and controls are designed to make it as difficult as possible for a fraudster to conceal their activities, and to strengthen the anti-fraud nature of your workplace culture.
Looking first at systems and controls, the first step is to ensure that you understand in detail your company’s financial system and the transactions involved in the whole business cycle. You may have some longstanding employees who do all the “back office” work so you can concentrate on the “real business”, but unless you understand what they do, how they do it and monitor their work regularly your fraud risk will remain high.
Your understanding of your financial system will allow you to review it for the presence and operation of the basic anti-fraud controls. Some of the areas you might look at are:
- Proper authorisation of transactions, activities and alterations to records
Any point at which someone could approve a financial advantage for themselves or an outside collaborator needs to be controlled by requiring authorisation by a senior or a functionally unrelated employee. Examples are debtor write offs, purchase requisitions, overtime payments, shipping of product and altering of credit limits.
Certain highly vulnerable procedures require approval by two independent authorisers. These include signing of company cheques, and payments by electronic banking or over the Internet. Many companies which require two cheque signatories did not carry this practice over to electronic banking, potentially leaving themselves open to fraud.
- Segregation of duties
Any single employee should not carry out a sequence of duties which would allow them to steal money, supplies or product and then cover it up. Consider the case where an employee receives and totals cash and cheques, completes the banking deposit slip, does the banking, enters the receipts into the accounting system, and is also able to write off bad debts. If you think about it for a while, it is quite obvious how a fraudster in such a position could steal money and alter the records to cover it up.
Anywhere such a sequence of duties occur they should be split between several employees so that covering up fraud becomes more difficult.
- Properly designed processes, documents and records
Key reconciliations and numbered documents are important here, as well as timely processes such as daily banking and monthly debtor statements which would reveal temporary dislocations in the accounts. Examples of important reconciliations are bank deposit slips to bank statements to cash receipts journal, and purchase requisitions to purchase orders. Reconciliations should be carried out or at least checked by a senior or a functionally unrelated employee to the person who carries out the underlying work.
- Adequate safeguards over access to and use of assets and records
Important here are physical access to financial instruments (blank cheques, cheque signing machine, signed company cheques, customer cheques, cash), to the payroll records area, to supplies and products and access to the financial, business and payroll software. Computer passwords must be kept secret, not be shared, and should allow layered access to financial transactions depending on the employee’s position.
- Supervision and independent checks
While there may be some initial resistance, a senior manager needs to accept the extra duties of understanding, checking and reviewing key financial reports and documents for unexplained variances or unusual entries. Examples are analysis of customer credits, bad debt write offs, scanning of journal entries for illogical transactions, and trend analyses in areas such as overtime hours worked, expenses, commissions, bonuses, payroll, number of people paid, debtor write offs, customer refunds, faulty product scrapped and so on.
Obviously, reviewing and improving systems and controls is key to reducing fraud risk. However, just because there are controls theoretically in place does not mean that fraud risk has been minimized. They must be followed in practice .The “people” or “workplace climate” element must also be addressed so that employees willingly follow correct procedures.
The “workplace climate” experienced by employees is an outcome of the culture. It can be positive, encouraging trust, productivity, creativity and commitment, or negative, producing suspicion, secrecy, low productivity and poor commitment.
In a positive culture alignment between people at all levels and the organisation’s vision, mission and values is readily achieved. Employees understand and support where the organisation is headed and what it intends to do to get there. In other words, there is a high correlation between the individual values and goals of employees and that of the organisation. This naturally leads to commitment, “doing the right thing” and high productivity.
The saying that the ‘tone at the top” is important is well known, and indeed this is the major factor in determining the quality of culture in an organisation.
CEOs and senior managers who are seen to act honestly and encourage their subordinates to do the same, treat all staff fairly and equally, listen and communicate well and delegate authority will generate a strong anti-fraud culture.
By making clear what standards of behaviour are expected, setting a good example, encouraging communication and teamwork, developing individuals and punishing inappropriate and dishonest behaviour, management will create an environment where employees will implement controls and be more likely to report any wrongdoers that they become aware of.
While it is difficult to find time to step back and analyse your company in this way, and indeed to find time to do it, the rewards in reducing your risk of future employee fraud make it worthwhile.
Dolman Bateman's Fraud Risk Checkup QuestionaireThis Checkup will help you to assess your general level of risk from employee fraud - that is, fraud perpetrated on your organisation by its employees.
There are 10 multiple choice questions in the Checkup. It's quick, easy and confidential. After completion, a detailed report analysing your answers will be immediately emailed to you.
Note: because it is simple and covers only a few topics, this Checkup is not a substitute for a full fraud risk assessment. For this reason it is not to be taken as satisfying any statutory or other requirement.
CLICK HERE to complete fraud checkup