Combating Insider Fraud

In these times of great uncertainty, it can appear that threats march toward your business in great numbers. It is easy to believe that the risks facing your business all come from the outside. However, the biggest threat to your business could be inside your business, working a few yards away from your office. That threat could be the very employees that you trust the most. That position of trust, sometimes earned by years of apparently loyal service, can create a great risk. It is difficult for some executives to consider the possibility that fraud, embezzlement, forgery, etc. could be happening today and be perpetrated by the most unlikely of people. Yet, it happens literally every day. This article will discuss simple methods regarding how you can avoid putting your business at risk from insider fraud.

The first, most basic, step to take is to adopt a mind set that any of your employees could be engaged in fraud. Human nature sometimes causes us to believe that insider fraud does happen, but that it happens to other businesses. It will not happen “here”. The truth of the matter is that you have to understand that insider fraud can, and will, happen anywhere. In order to take steps to protect your business, you must believe that the threat exists. So, without assigning the threat to a specific employee, accept the possibility that some employees can and will steal from your business.

Next, understand the basics of fraud and why it occurs. Three conditions generally take place to perpetuate fraud (sometimes called the fraud triangle). First, the employee feels some kind of pressure to commit fraud. The pressure could take the form of unpaid medical bills, past due mortgage payments, gambling debts, etc. Whatever the reason, the employee has a financial problem that is difficult to solve through “normal” methods. Second, the employee has the opportunity to commit fraud. This occurs when the controls to prevent theft within your business are ineffective or can be easily overridden. Third, the employee will probably rationalize their acts. An employee could believe that he or she is underpaid (therefore “due” more, so they are not really stealing), that the fraud is a temporary loan to be paid back when times are better, etc. A critical idea in constructing a system to prevent fraud is to understand that even an otherwise honest employee, given enough pressure, can steal from your company. Fraud literature tells us that most employees have a greater tendency to rationalize fraudulent acts as their financial pressure increases.

Of these three elements, notice that two reside with the employee and you have no control over pressure or rationalization. Opportunity, however, is an element that you can control. It is necessary to take several basic steps to create a system of controls that will reduce the opportunity for fraud. Here is a short list of fundamental ideas to consider:

1. Create and maintain an unambiguous culture of ethical behavior.
The “attitude from the top” sets the tone for the organization, and the appearance of tolerating unethical behavior can embolden employees to commit fraud.
2. Create a Policy on Fraudulent Acts with clear and unambiguous penalties.
3. Consider where fraud is most likely to occur in your business.
Ignore personalities and specific employees – focus only on where in your business the risk of fraud is the greatest. If necessary, establish a team to dissect the internal operations in order to list the operational areas with the greatest exposures.
4. Establish Controls to Prevent Fraud. Here are a few basic examples:
1. Segregate duties as much as possible.
Try to construct a situation that would require collusion between employees to perpetrate a fraud.
2. Use approved purchase orders to substantiate expenditures.
3. Limit access to systems.
4. Require documentation on all transactions (authorized, complete, correctly valued, etc.

5. Establish Controls to Detect Fraud. Again, here are a few basic examples:
1. Reconcile bank statements immediately upon receipt.
Look for forged signatures on checks, new vendors, etc.
2. Physically count inventory on a regular basis.
3. Review exception reports.
4. Make all employees aware that surprise inspections can occur at any time.

The establishment of effective prevention and detection controls should be an extensive project, and should be tailored to the risks inherent in your business. These methods collectively constitute your defense against insider opportunity.

Be aware that many commercial checking agreements require notification of any problem with the accounts within 30 days. This is why immediate reconciliation of the bank statements is important. This step also can shorten the time that a fraud can occur by early detection. Also, check your insurance program for “Crime” coverage. Many policies provide coverage in case of employee theft. The coverage is generally inexpensive, and the limits can usually be increased significantly before a fraud occurs. A properly constructed insurance benefit protecting your business from an employee’s criminal acts can be invaluable.

Insider fraud can cause significant damage to your business. Don’t let this happen. Make a real effort to understand the factors that increase the likelihood of fraud and then clear steps to detect and prevent its occurrence. This can be one of the most important steps you can take in protecting your business.

© 2009 Ron Box