Thursday, March 29, 2018

How is Fraud Prevention Like Flossing?

Investment Banking

James A. Gravitt, CPA, CBA, ABV, CFE | Hilliard Lyons Investment Banking

Since you were big enough to sit in a dentist’s chair, you have been encouraged to floss your teeth daily. Surveys show a strong relationship between flossing and dental health. Yet only about 30% of Americans do floss every day; another 37% floss sometimes, and 32% never do.

Preventing fraud is similar – companies know they should act regularly to prevent fraud, but they often fail to act until some fraud event occurs. According to the Association of Certified Fraud Examiners (ACFE), companies lose, on average, five percent of their annual revenues to fraud. This is a frightening statistic when considering that, for many companies, five percent may constitute their entire profit margin!

While a disproportionate amount of theft is committed by employees in senior positions, every aspect of a company’s operations presents opportunities for employees to steal. Employee fraud schemes can be grouped generally into six categories, each with commonsense preventive measures to employ:

  1. Asset misappropriation
  2. Vendor fraud
  3. Accounting fraud
  4. Payroll fraud
  5. Theft of proprietary information
  6. Bribery and corruption

Asset misappropriation

Asset misappropriation is defined as the wrongful taking of company assets. Methods are many, including check theft, check forgery, inventory theft, theft of cash or services, filing false expense reports, purchasing schemes, and unauthorized personal use of company assets such as vehicles.

You can guard against asset misappropriation by:

  • Conducting thorough background checks on new employees.
  • Implementing job rotation in your HR (human resources), accounting, and purchasing departments.
  • Separating the authorization, recording, and disbursement functions for expense reimbursement.
  • Having the company owner or management review company bank statements.
  • Performing internal audits of company accounts.
  • Adequately securing check stocks.
  • Requiring dual signatures on checks.
  • Promoting an anonymous hotline for employees to report suspected wrongdoing.

Vendor Fraud

Companies are victimized by employees acting alone or in collusion with vendors, and also by vendors acting alone and in collusion with other vendors. Examples of vendor fraud include billing schemes (creating a fictitious vendor), bribery and kickbacks, overbilling, and price fixing (involving competing vendors who collude amongst themselves to set a minimum price or price range).

Some best practices to guard against vendor fraud are similar to those preventing asset misappropriation:

  • Conducting thorough background checks on new employees.
  • Separating the functions of check preparation, check authorization, and disbursement.
  • Establishing a job rotation practice.
  • Performing random self-audits of vendor files.
  •  Performing due diligence when setting up new vendors by verifying contact data, entity registration, etc.
  • Data mining to uncover abnormal patterns.
  • Comparing vendor addresses with employee addresses.
  • Reviewing vendor files for reasonableness and inconsistencies with past activity.

Accounting fraud

Accounting fraud is the most frequent type of employee fraud, according to the ACFE, and involves the manipulation of a company’s accounting system to commit theft. Often, the company’s accounts payable and receivable systems are used for this purpose. Fraudsters involved in accounting schemes are often “trusted” employees in positions that have little or no oversight. Accounts receivable frauds in this category include:

  • Lapping – where the employee covers up the theft of funds from a customer’s account by recording the payment by a second customer to the first customer’s account, then applying the payment by a third customer to the second customer’s account, etc.
  • Diversion – An employee keeps the funds recovered from an account that has been written off as doubtful or uncollectible.
  • Fictitious accounts or sales – Fictitious accounts and sales are created to make the company appear more profitable to investors and creditors or to boost commissions that are based on accounts opened or on sales volume.

To prevent and detect accounting fraud, consider the following safeguards:

  • Separate the functions of account setup and approval.
  • Conduct random audits of account payable and accounts receivable records.
  • Have an outside contractor review and reconcile accounts periodically.
  • Rotate duties of employees in accounts payable and accounts receivable functions.
  • Enforce mandatory vacations for employees handling accounting functions.
  • Set up an automated positive-pay system, such as those offered by the cash management departments of commercial banks. In their simplest form, these types of services match the account number, check number, and dollar amount of each check presented for payment against a list of checks previously authorized and issued by the company.

Payroll fraud

Payroll fraud is a common type of employee fraud, occurring in 27% of businesses and lasing for an aver-age of 36 months, according to the ACFE. Payroll fraud schemes include adding “ghost” (non-existing) employees to the payroll system, payroll advances that are not repaid later, timesheet/ time clock falsification, and diverting payroll tax payments, then filing false payroll tax returns.

To lessen the likelihood of payroll fraud, consider:

  • Regular reconciliation of payroll accounts to the company’s general ledger.
  • Supervisor approval of timesheets and overtime hours.
  • Payroll department job rotation, segregation of duties and mandatory vacations.
  • Supervisor approval for changes to employee pay rates and hours.
  • Data analytics of payroll records to look for matching addresses, names, bank accounts, etc.
  • Review of records to ensure that terminated employees are removed from the payroll.

Theft of proprietary information

This category of employee theft encompasses the full scope of a company’s valuable intellectual property (such as patents and trade secrets), an increasingly vital area for companies today. Information theft can also include items such as customer lists, prospect lists, sales contracts, and product formulations.

To lessen the threat of information theft, consider the following safeguards:

  • Restrict access to proprietary information to only those needing to know.
  • Establish data controls to alert management of large data downloads or transfers.
  • Invest in a robust internet data security package and back up critical information systems regularly.
  • Purchase software that alerts management to suspicious activity on company networks.
  • Secure confidential information properly by shredding documents and completely removing data from electronic devices before redeploying or disposing of them.
  • Implement a robust password policy, including frequent changes.
  • Prohibit employees from keeping sensitive information on their desks while they are away

Bribery and corruption

Bribery and corruption are often the essential ingredients in perpetrating the frauds discussed above. High profile bribery and corruption, when publicly exposed, can significantly damage a company’s reputation and market position far beyond the immediate financial impact. Bribes, kickbacks, use of shell companies, and product/ingredient substitution are examples of this type of employee fraud.

To help prevent and detect bribery and corruption:

  • Have a strong code of ethics that every employee must formally acknowledge annually.
  • Set the proper “tone at the top” by having company leaders make clear that bribery and corruption are not tolerated.
  • Consistently discipline employees who breach the company’s code of ethics.
  • Conduct due diligence on all third parties the company has dealings with.
  • Train all employees in identifying, reporting, and preventing bribery and corruption.
  • Recognize and reward employees for practicing ethical behavior.
  • Maintain a whistleblower hotline for reporting suspicious activity anonymously, and reward employees who come forward to report it.

According to the ACFE, most employee fraud is detected through tips hence the importance of implementing a whistleblower hotline as noted above. While the entire body of preventive measures to prevent employee fraud comes down to the purposeful use of plain common sense, many companies fail to apply these measures. Why? Maybe because implementing anti-fraud measures is time-consuming and somewhat burdensome. Even so, when compared to the tremendous damage that can result from employee fraud, taking vigilant steps to limit this risk can be among the best investments a company makes. (Meanwhile, if you’re not yet a daily flosser, that would be a simple New Year’s resolution for you to consider...)

We believe that the information in this newsletter is reliable, but we do not guarantee its accuracy, and it may be condensed or incomplete. This newsletter is for information purposes only, and is not intended as financial, investment, legal, or consulting advice.