Employees who commit fraud do not wear a sign saying, “Warning! My ethics are questionable and my motives are self-serving.” Their crimes often continue, unnoticed, day after day, sometimes for months or years. In a majority of circumstances, people simply hear stories of fraud or employee embezzlement. Rarely are they the one directly involved. In any case, when the fraud is discovered, no matter how large or small, the impact to the victimized company can be painful and dramatic.
Like many crimes, fraud can be quantified in terms of absolute dollars. And, like many crimes, it also is very personal and it cannot and should not be assessed solely in these terms. The fraud often is uncovered too late and the damage to a company’s finances and reputation has already been done. Fraud costs the company’s owners real money and, perhaps even worse, it damages the company’s reputation whether or not the fraud is disclosed privately, or worse, publicly to the company’s stakeholders, including its shareholders, employees, customers, vendors and financial institutions.
Dealing with the consequences of fraud also wastes a company’s time and resources, which would otherwise be devoted to a company’s business. The impact that fraud can have cannot be underestimated, therefore, the prevention of corporate fraud is critical and cannot be overstated.
Fraud occurs when financial statements are intentionally misstated or corporate funds are intentionally misappropriated. The key word is intentional. If an inexperienced accountant records a one-time asset sale as operating revenue and the transaction is later discovered and correctly re-classified into the proper category, the transaction is not considered to be fraudulent. On the other hand, if an accounts payable clerk is discovered to be deliberately writing checks for personal expenses using the company’s checks, the clerk is intentionally diverting funds from the operations of the business for their personal benefit.
Many times a company does not have the time or the financial and operational resources to implement a risk management program focusing solely on fraud. Many small to medium-sized business owners do not want to think that any of their employees, who are often considered “family,” could be stealing from them or falsifying financial results. Moreover, data from the Association of Certified Fraud Examiners reveals that most employees who commit fraud have not done so previously, making the pre-employment background checks unreliable in assessing the risk of employee fraud.
What are some best practices to mitigate the risk of fraud in your company? How costly are they to implement? What experience is needed (or needs to be acquired) to do this correctly? The answers to these questions may be simpler than you think. There are a number of ways that owners and officers of companies can either deter fraud or identify it in a timely manner after the fact. They are simple and effective. Some examples are:
Effective Internal Control Environment
Limiting fraud through effective internal controls that require checks and reviews by supervisors at various points in the closing and transaction process is critical. Management should assess the existing internal transaction process, including how data and transactions flow, and then establish standard procedures for routine review and approval of transactions that different employees should follow.
These procedures should be documented to eliminate confusion about how an employee should perform his or her job while also giving the employee knowledge that someone is checking his or her work. Having a clear delineation of duties between individuals or departments creates what is known as a system of checks and balances. As a result, people are not likely to be put in situations where they may be able to manipulate the financial results or misappropriate funds without being detected.
Perpetrators may come from different areas of responsibility throughout the organization. The perception that someone else is overseeing work is a good fraud deterrent. Knowing that a supervisor, an external accountant or an auditor will be reviewing work discourages the potential to commit fraud or other violations of established accounting and financial procedures. Additional protection may also be achieved through multiple tiers of approval and with limited controlled access to financial records.
A company’s audit committee should develop written policies about the importance of ethical behavior by employees and engage in active discussions with senior management. These policies should be emphasized by management throughout the year, and the consequences of violating ethical standards should be communicated, up to and including job loss and the possible involvement of law enforcement.
But it isn’t enough to communicate orally or via written policies the importance of ethical behavior. The “tone at the top” is everything. Employees must see and hear management doing the right thing. If management disregards ethics and gives the impression that only the bottom line matters, then that attitude will inherently trickle down to employees. Unethical behavior leads to fraudulent behavior.
Public companies are required to establish a whistleblower process which often includes an anonymous hotline. While not required, private companies are urged to adopt similar disciplines. Every company should have a phone number and/or an e-mail address for employees to anonymously report questionable behaviors. The process for handling reports must detail how information will be handled, how responses will be made and what types of reports should be elevated to owners and/or audit committees on a timely basis.
Reporting Frequency of Financial Results
Management and owners should continually be informed of the company’s operational and financial performance via the financial statements. All too often, owners manage their companies by how much cash is in the bank, how much cash is scheduled to be coming in the door (accounts receivable) and how much cash is due to be paid (accounts payable). This approach is often inadequate in deterring fraud. Routinely analyzing the income statement, balance sheet and statement of cash flows is a good beginning and small- to medium-sized business owners should educate themselves about these three key financial statements. In addition, owners should look beyond the obvious to examine other areas. They should be alert to trends that may not be consistent with what is going on in the marketplace or what is aligned with their expectations. Key performance indicators should be developed and reviewed periodically and their results should allow management to quickly identify whether trends are unexpected or unfavorable.
In one example, a company’s chief financial officer fraudulently used an inconsistent fixed asset capitalization policy to defer expenses, ultimately leading to a restatement and lower earnings, even though the cash impact was zero. A routine review of capital expenditures and/or depreciation expense can proactively uncover this type of fraud.
Reconciliation and Analysis
At the end of each month, reconciliations of key general ledger accounts should be performed and signed off by a supervisor. But merely performing the account reconciliations often times is not enough. Analyzing the activity within the account during the month may reveal questionable activity or transactions that have been incorrectly coded.
Recently, a company’s internal controls were being evaluated for a potential buyer of the business. Although cash reconciliations were performed at the end of every month, the reconciliation form was never signed off by a supervisor. Upon step two of our analysis (looking at the activity within the cash account), it was found that some of the company checks were fraudulently written to a co-worker. The weakness in this company’s internal controls resulted in the buyer ultimately walking away from the deal.
Review Activity Classification
Management should be able to concisely explain what is in each of the general ledger accounts and to know why certain accounts fluctuate from month-to-month. If the largest expense category is “miscellaneous,” there may be a problem. “Miscellaneous” is an easy place to hide fraud or sloppy accounting behavior.
By establishing a financial limit on the size of individual items and the total amount that may be booked to “miscellaneous” without an extra level of review and approval, the potential for fraud is reduced. In addition, monthly trend analysis by an accountant may reveal that certain transactions are hidden in one or more expense categories that do not reflect the underlying activity. Or, items may be incorrectly recorded as non-operating expenses.
Journal Entry Query
Management should routinely investigate all transactions over a certain dollar threshold, including round dollar transactions and significant transactions recorded a few days before the end of a reporting period. This would enable the owners to ensure that nothing unexpected has the potential to skew the financial results. Owners should ask themselves whether cash expenses are normal, unusual and/or properly categorized. All payments should be properly supported by third-party documentation. For example, the vice president of finance of a client company facing bankruptcy realized that the company was not going to achieve a quarterly earnings target for debt covenant purposes. A journal entry was made on the last day of the quarter to recognize revenue by decreasing a doubtful accounts reserve. The entry was reversed in the subsequent quarter. When the fraud was discovered, the company lost its bank financing, and the client was forced to obtain expensive emergency financing. A review of unusual month-end or quarter-end activity may have timely identified the fraud.
Evaluate Metrics and Incentives
Businesses must be careful in creating incentives and compensation programs that could encourage employees to take undesirable risks or to consider “cooking the books.” Certainly key performance metrics of the company should be considered in incentive plans. With a carefully planned system of checks and balances and a comprehensive corporate governance program, these risks and fraud potentials can be mitigated so that everyone wins — employees and the company alike. Businesses should routinely consider and communicate potential impacts of strategic decisions on employee compensation plans.
A client company made a number of strategic changes in its business and capital structure that were not consistent with certain of its employee profit sharing plans. As the impact of the strategic changes on these plans would have resulted in the plans coming in well below stated metrics, the finance staff began to feel significant pressure to take more aggressive accounting positions on revenue recognition and certain reserves. This resulted in significant swings in EBITDA quarter over quarter and ultimately falling out of compliance with debt covenants.
On the surface, vendor selection appears to be a business decision with little risk of fraud. However, how well do you really know your vendors? Dealing with vendors that have been identified, cited or penalized by the Securities and Exchange Commission for bribing foreign officials or engaging in questionable practices, could result in adverse consequences for your company, including large fines, costly investigations and monitoring by an external accounting firm.
In today’s business environment, no matter how large or small, vendor diligence may be beneficial. Many companies believe that a Dun & Bradstreet report is enough, but a company’s ability to pay is not the only consideration. For example, owners may not be aware that a vendor is owned by a relative of the employee selecting the vendor, which could result in the company paying higher than market rates. To increase the probability that vendors are selected based on sound business principles, companies should develop a written procedure for selecting key vendors, including independent checks of financial and business references.
In summary, fraud prevention begins with a “tone at the top” expressing the importance of ethical behavior and the serious intent of management to create a business environment with many checks and balances. Vigilance must be consistent and surprise “spot checks” will ensure that accounting and financial procedures designed to deter fraud are working as intended. The total prevention of fraud cannot be guaranteed, but strong policies and consistent oversight can go a long way toward minimizing the possibility of fraud impacting an organization.
Andy Baker currently serves as a senior manager at financial consulting firm, Riveron Consulting. He has more than ten years of industry experience, which includes leadership roles providing accounting and financial services to public and private companies. Baker also has significant public accounting experience and has served a variety of industries including energy, software, manufacturing, retail and insurance. Founded in 2003, Riveron is headquartered in Dallas, TX and has specializes in serving middle-market private equity funds and companies growing through acquisitions.