I Spy Fraud
Avoid being the next victim of corporate cons and crimes.
By Sheryl Nance-Nash
Fraud is a multibillion dollar problem. Last year, American businesses lost $660 billion to fraud, up from $600 billion in 2002 and $400 billion in 1996, according to the Association of Certified Fraud Examiners (ACFE) in its 2004 Report to the Nation.
While corporate scandals like Enron, WorldCom and Tyco have grabbed headlines in recent years, privately held companies and nonprofits are not immune to trouble.
“Fraud is fraud—abuse of power, abuse of position and abuse of trust,” says Brad Sargent, senior manager and forensic practice group leader in the Chicago office of Plante & Moran PLLC, which specializes in fraud and financial investigations.
Its impact goes straight to the bottom line. Though major corporations may be able to withstand a hit of $1 to 2 million, smaller companies and nonprofits might never recover. All entities are vulnerable. There are three factors in any kind of fraud: “Opportunity, motive and an absence of integrity—the person has the ability to rationalize his or her behavior,” says Ken Neumann, director, Litigation Support and Business Valuation at RGL Forensic Accountants and Consultants in Chicago.
Fraud is a pervasive problem, not likely to go away anytime soon, especially with tools like the Internet that can be misused for ill-gotten gains. Being proactive is no longer optional. It’s a necessary component of good business.
Public companies must comply with new requirements under the Sarbanes-Oxley Act, and those requirements are beginning to trickle down to private companies and nonprofits, as well. Protecting your organization is a top priority. Here’s what you need to know.
Potential targets There is no shortage of schemes, whether it’s an employee duping the company, or management fictionalizing the financials to keep investors in the dark or taking money for their own benefit.
“[Hypothetically,] a CFO or controller could show accounts receivables on fraudulent accounts to get access to working capital from a lender. They think they are saving the company, but they are just getting it into deeper trouble,” says Michael Baratta, a CPA and certified fraud examiner with Chicago’s Vector Consulting, which helps financially troubled companies regroup.
Inventory is ripe for pilfering, especially if it’s high value, there’s demand on the street for it, and it’s portable, like auto parts, computer chips, and the like. The financials can be manipulated endlessly, from overstating revenues, prematurely booking sales, underestimating consignment sales, nondisclosure of inventory commitments and failing to write-off uncollectibles, explains Pamela Naughton, a partner in the white-collar criminal and civil fraud practice group at Sheppard, Mullin, Richter & Hampton’s San Diego office. Companies can claim they have more assets than they do, they can claim a higher value than is true, or they can overstate sales—the opportunities are ripe and plentiful.
Financial statement frauds can be the most expensive, according to the findings of the ACFE study. In fact, one-in-six financial statement fraud schemes cost its victims at least $10 million, with three cases generating at least $50 million in losses.
Corporate travel is also a hot target for fraud, says Jeff Cronin, VP of Marketing Solutions for Gelco Expense Management in Eden Prairie, Minn. He explains that approximately 14 percent of fraud is related to travel and expense reports, up from 12 percent in 2002, according to a study conducted by the ACFE.
The study also reports that the cost per incident has risen from $60,000 in 2002 to over $90,000 in 2004. Employees have gotten creative; for example, there have been cases where an employee purchases full fare airline tickets, getting a second discount ticket and pocketing the difference, “which can be thousands of dollars per trip,” says Cronin. “One client saved $13 million just by eliminating this one source of fraud,” he explains. Cronin also reports incidents where employees booked a fare, canceled the ticket, and then submitted the purchase receipt. Aside from travel expenses, he’s also seen employees charge a $35,000 funeral on a corporate card, as well as wedding expenses and mortgage payments.
Assess vulnerabilities Most fraud doesn’t happen in a vacuum. There are usually red flags that should stop you cold if you are really paying attention. Naughton highlights a few of them: Incentives: Stock options vesting, the impending sale of the company, unrealistic earnings targets above industry norms, impending financing. Overly complex corporate structure: Special purpose subsidiaries, joint venture financings, offshore entities.
Other eyebrow-raisers: No audit committee or independent directors, no budget for audit, missing or incomplete documents, failure to produce documents in a timely manner, invoices from nonexistent companies, claims made in duplicate or altered invoices, vendors whose addresses are post office boxes, billing for goods or services not provided, inflated costs or substitution of cheaper goods, employees who don’t want to take vacation or who turn down promotions.
Quite frankly, a lot just comes down to common sense. “Companies can’t keep growing 20 percent a year, year after year. If it’s too good to be true, it is,” cautions Sargent. “Look at year-to-year growth, and if there’s a dramatic increase, without a logical reason for how sales may have increased or costs dropped, you have to look at ratios to see if they are out of whack,” he explains.
And on an individual level, if someone’s lifestyle seems to change suddenly—say they are sporting a new car, new clothes or a new home—or if an employee has pressures like a spouse losing a job, or a spouse who is a gambler, those can be factors that might push him or her to commit fraud.
What’s important, says William Bradshaw, partner, with Matson, Driscoll & Damico, a forensic accounting firm in Chicago, is that hunches are followed up on. “If you’re not sure but you suspect something, change your control system to see what happens.” [ ^Top ]
Protect your business While some business protection strategies make sense for any type of entity, there are some approaches and concerns that vary by the size and type of company.
Public companies Sarbanes-Oxley requires publicly traded companies to establish confidential reporting mechanisms for employees. Fraud “hotlines” have proven effective. According to the ACFE, occupational fraud in its study was much more likely to be detected by a tip than through any other means, such as internal audits, external audits and internal controls. Among frauds committed by owners and executives, which tend to be most costly, over half of all cases were identified by a tip. “The reporting and monitoring required by SOX helps enable a company to catch problems before it becomes fraud,” says Neumann.
While Sarbanes-Oxley certainly has made corporations more sensitive to fraud, Thomas Nihill, managing principal of Nihill & Riedley, a Philadelphia forensic accounting firm, says public companies must think harder about their culture. “They must establish a culture where, from the board of directors, the CEO and top management on down, everybody gets the message that fraud is not tolerated, that the consequences will be dire,” he explains. The norms and standards of behavior must be clear. He recommends a written code of conduct, which outlines the company’s ethics and principles, what’s acceptable and what’s not; and it must be backed up through action against those who do not abide by the rules and standards.
Simply put, there must be buy-in at every level of the organization, says Evan Tegethoff, practice manager of Strategic Security Solutions for Forsythe Technology in Skokie, Ill. “Everyone should understand and respect what the company is trying to put in place.”
People are less likely to engage in inappropriate action when they know someone’s watching. “Tough policies can be a deterrent,” says Nihill.
Top management should not preside in an ivory tower. “The best companies have management that has its sleeves rolled up, and knows the nuts and bolts of the company. More importantly, the top managers have to understand financials, and that responsibility cannot rest solely on someone else. It’s all about numbers,” says Baratta.
Private companies Some small companies leave themselves open to fraud because of poor internal controls, such as separation of powers. “They have the same people opening the mail, doing the books and depositing checks. They have too much power in too few hands, which can make it easy to disguise negative activities,” says Ken Waldych, director, ESBA Capital Group, a turnaround consulting company in Baltimore.
Hiring two people instead of loading up the responsibility on one may seem expensive on the front end, but in the long run it could save a small-business owner his or her business. Checks and balances count. The median loss in the ACFE study for a small company was $98,000, a big hit for, say, a dry-cleaning store or florist on the corner.
Private companies, especially smaller ones, also may be guilty of not putting an organized security policy in place. “Not having a policy is a time bomb waiting to explode. People are waiting to take advantage of you,” says Steve Pollini, CIO, SiVault, a San Jose, Calif. company specializing in business intelligence products and services.
There’s a lot at risk, like sensitive customer information and other data that, if compromised, could be disastrous. There’s no shortage of privacy concerns, and companies having to apologize to customers for leaks of information face a steep climb back to the top of public faith.
A change in attitude may be necessary for some private companies. “Some don’t take internal controls seriously; they view it as an impediment to doing business. They not only need to put controls in place, but they also need to keep them up-to-date, to test and audit procedures, and to get extra assistance from independent auditors,” explains Nihill.
Nonprofits Nonprofits, in particular, are well advised to be more proactive in the hiring process. Background checks, particularly for key positions, should be seen as an investment, not an expense.
“Traditionally, nonprofits may not have had sophisticated hiring procedures. They must show greater care in hiring employees to protect against embezzlement. Often these people have had a criminal background or other prior history that would make you think twice about hiring them. They have to get more professional in their screening,” says Waldych.
Nonprofits also may lack an all-important audit staff. The CFO approves disbursements and signs checks. “The CEO should look at the disbursement registrar and ask questions. The CEO should be more involved as a way of staying on top of what’s going on,” explains Baratta. Patterns should be reviewed and anomalies not ignored.
And, he adds, although Sarbanes-Oxley requires that only public companies have a confidential hotline for reporting tips, nonprofits and private companies should adhere to the practice, as well.
Forget the buddy-buddy system of board selection. In the nonprofit world, says Nihill, board selection often can be dominated by the CEO. Those members then may be reluctant to rock the boat—to raise important questions that could be seen as a challenge to the CEO’s authority. Misplaced loyalty can backfire on the nonprofit, as the board needs to provide checks and balances. Worse, says Nihill, “In the nonprofit world, sometimes the money doesn’t feel like it belongs to anyone; contracts go to people’s friend; the process can be loose.” The need for much tighter controls is increasing.
Trust is almost a given in the nonprofit arena; it appears as though everyone is dedicated to the organization’s worthy cause, that they are emotionally, physically and mentally committed. Not surprisingly, there is therefore a high degree of trust which puts nonprofits at the highest risk of all when it comes to fraud, Sargent points out.
No matter the type or size of your entity, don’t underestimate employees. As Cronin explains, “Fraud control is a journey, not a destination. You have to revisit the systems you devise. When you close one set of doors, you open another.”