As a business owner or a manager within a business hierarchy, the demands of operating your business can be overwhelming. Trusted employees are hired as your business and/or department grow to meet the pressing needs. You have your own responsibilities to “keep your eye on the ball” and provide the best products or services to your customers. Everyone’s bandwidth, at some point, meets its limit. As such, owners and managers understandably need help to manage their business’ finances. When inquired about internal theft, many owners and managers understandably tell themselves, ‘No one would be bold enough to steal from me or my business. I personally interviewed and hired (insert name) to manage my accounting, handle payroll, oversee inventory, etc.’ These thoughts and assumptions are the very seeds sown for reaping a significant loss – both financially and relationally. Even government entities, with their rigidly added emphasis on checks and balances, are not fully protected from fraudulent insiders; Unfortunately, sadly nor are not-for-profits, such as homeowner associations, youth sports leagues, or religious ventures. The headlines from various news outlets seemingly have an endless stream of cases where an employee formerly described as “well-liked”, “diligent”, and “never missed a day of work”, was (finally) caught having stolen significant funds from their employer. The overall results are nothing short of devastating. This devastation certainly ruins personal relationships, but equally, could financially ruin a business’ future.
So, what are some answers to protect your entity, be it a business, a government entity, or other business ventures. First off, let us look at some different types of corporate fraud:
Corporate Misappropriation : Using an entities products, tools, or other assets for personal gain.
Embezzlement : Essentially, stealing funds from an entity and taking the extra steps to obscure where the funds went.
Corporate Theft : Outright theft of an entity’s assets to use or sell for personal gain.
So how does one actually enact policies and procedures (verification) to safeguard their entities from internal corporate fraud? First, let us look at your internal control policies. If you have ever been audited, your internal control policies may have surfaced. Internal control polices are set up to curb the possibilities of not only significant theft but even strain minor overreach of certain employees. For example, who in your business is in-charge of revenue receipts? Is it one employee or more than one? Is this employee also the one who has command of the business’ outgoing payments, such as checks, wires, debit, or credit card transactions? Are they the only one who communicate and transact with the bank or other financial institutions? Many times, we will hear, “Oh, (Insert Name) has the know-how and the patience to keep our business’ books. I just give it all to them to handle, because I do not have the time or patience for that type of stuff.” This is fully understood from a time management and employee utilization point of view – no doubt; However, too much control by one employee means they can control what others think is happening with the entity’s finances. Most internal corporate fraudsters take advantage of the trust others have in them. Their mindset may be that of justification – they have worked at this business for a long time and poured countless hours into their work without receiving the admiration they believe is due them. Or, times are very difficult in their personal life, household bills are piling up, divorce, etc., and the act of pulling out just a small amount of the business’ funds for themselves would 1) not hurt the business 2) no one would really notice and 3) the fraudster believes the money would be better suited for them rather than the business. Like anything, this starts small. Fraudsters tell themselves, “I will only do it this one time, and I will pay the money back when I have it.” If no one in the business does notice after one or two episodes, mostly because no other employees in the business have access to these transactions, the fraudster cannot help but be relieved, but worse yet, emboldened. Fraudsters gain confidence they are getting over on the business. They start to believe they are too sly and witty to be caught. Quite possibly, for some fraudsters who are not predisposed to this behavior, the act may even be thrilling. All of these feelings and justifications incubate while the fraud persists. As such, it is not hard to fathom the fraudster will soon take bolder and more egregious steps to steal more funds/products or even branch out to other types of fraud. Before long, they are in deep and most likely too deep to ever dig out of. Yet, frauds do not last forever, and once exposed, the amount of shame, loss, and disgust that is born from that incubation can be quite devastating to everyone. If it was easy to steal a little bit, they will begin a repetitious cycle to misappropriate more and more.
You may ask, “How does someone do this and not get caught, or at least not get caught for say years?” Under the guise of self-responsibility and dedication to the entity, fraudsters take ownership of certain routine tasks and adamantly refuse to let anyone see or much less do these tasks. They may say, “I am the only one who has access to the bank funds. The owner or manager wants me to be the only one.” Some of the more-savvy fraudsters couple their accounting knowledge with a pseudo gambling prowess. In other words, the fraudsters cover their tracks by doing some of the following techniques to one degree or another:
Setting up an entity that is invoiced and paid with the victim business’ funds as if they are receiving some sort of product or service. Although payable to this fake entity, the fraudster controls this entity and its finances, thus the fraudster personally benefits from the payments. Or they may simply create false invoices to cover their misappropriation and backstop any suspicions.
Although payable to this fake entity, the fraudster controls this entity and its finances, thus the fraudster personally benefits from the payments. Or they may simply create false invoices to cover their misappropriation and backstop any suspicions.
For businesses that have multiple bank accounts, credit lines, and other financial accounts, the fraudster may simply transfer funds multiple times per day or week to make it appear as though they are sending money here and there to cover costs; However, they are actually obscuring where any of the money went and for which purpose. They may think there is only slight chance anyone would know how to untangle this. As such, the fraudster could essentially play dumb and claim lack of knowledge or they got in over their head with their job. In reality, this just creates an accounting nightmare solely for the purpose of hiding where the money went. Despite that, most accountants/auditors are quite talented in their own right. Given a task to determine if money was embezzled only heightens the accountant/auditor’s vigor to determine the truth, no matter how messy.
Setting up a false employee or contractor who is actually paid. Not what I would necessarily think this is a well thought out long-term scheme, given the IRS will certainly get involved, but certainly has been done to one degree or another.
If the business deals heavily in currency (actual cash and coin), look no further than “skimming”. This is a common threat at bars whereby, a bartender will serve multiple drinks to his/her friends but only charge them for a few of the total drinks served. This way, their friends receive a smaller bill while enjoying multiple drinks, and conceivably, the bartender will receive a large tip. That is just one example, but there are countless other fraudsters who have attempted to employ similar strategies at restaurants or other stores where cash is still king.
The age-old kickback scheme is another, but rather than solely involving one internal fraudster, it involves a conspiracy of at least one other individual. One vendor seeking to do business with another business will entice one of the employees with special treatment (i.e.: higher fees or access to proprietary information). Should the vendor win a contract and begin billing the business for services, the vendor will take some of the revenue received and kick it back to the customer’s internal employee for their part in effecting the contract.
What should business’ do to protect themselves from embezzlement? Stopping any and all embezzlement or misappropriation of company funds and/or assets is actually a tall task. An entity should employ proper internal controls that are stringent enough to protect the company from most schemes; However, the internal controls should not so stringent they adversely affect the day-to-day progress of the business. For example, it is crucial for the in-house accountant/bookkeeper (or the accounting department of a larger business) have a separation of duties. Employees who record transactions in the books should not actually have signature authority or effect transactions with the bank or other financial institutions. Separating those whose job is to keep the books and produce timely financial statements from those who write checks, make deposits, authorize expenditures (via electronic means or credit), is a plausible way to protect from any major embezzlements. Separating these jobs adds a solid layer of protection. Is there a possibility these two employees could conspire to steal company funds? Of course, but again, the goal is to significantly curb or limit opportunities for embezzlement. Additionally, routine internal audits, even if the auditor is simply another employee from a separate department spot checking specific transactions for their authenticity and to ensure proper authorizations were met. This should be done routinely but also without notice so as to ensure no one can pre-emptively prepare or attempt to cover their tracks. Some entities require employees who oversee the distribution of payments to have dual-signature authorizations for amounts greater than, say for example $2,000.00. This puts a ceiling on expenditures and for this example, if any expenditure amount is >$2,000.00, then more than one person has to agree on record. Again, nothing is totally safe proof but setting up certain controls that are not too burdensome to the normal business processes is essential for protection.
1 Emphasis added.