Fraud committed by employees on their employers has been increasingly in the news. Scarcely a week goes by without news of some spectacular fraud at high levels in the big end of town. This may not seem to be relevant to the accounting technician working in a “normal” company, but in fact employee fraud is just as likely to occur in smaller companies.
Surveys indicate that about 50% of companies across the board experience significant employee fraud each year. The gross amounts lost by a small company may not be as much as that lost by a large company, but those losses can be just as devastating in terms of reduced profitability, cash flow difficulties, loss of reputation and staff demoralization.
Employees can defraud a company by stealing physical assets (products, supplies, raw materials), stealing money (cash, cheques, direct from bank), corruption (taking bribes to favour a particular supplier etc) or falsifying financial statements.
Fraud by stealing money.
Stealing money is attractive to fraudsters because unlike stealing physical assets it does not have to be converted to cash and is easy to keep out of view. A signed cheque to a false vendor is a lot smaller than a case of wine! On the other hand, stealing money is more difficult because without a clever scheme to cover up the theft the shortfall could soon be noticed when the books were balanced.
Successful stealing money frauds often run undetected for several years because the fraudster has figured out how to “close the loop” and cover up the losses. For example, an employee with the authority to approve vendor payments sets up a company which does no work but invoices their employer for services (unlike supplies, receipt of services is hard to verify). The employee then approves payment of these invoices. When the books are examined all seems in order.
The best approach is not to assume that you will always be able to spot a fraud when it is underway, but rather to take steps to reduce the risk of fraud. This is done by ensuring that the company’s systems and controls are designed to make it as difficult as possible for a fraudster.
The basic controls you can use to reduce fraud risk are:
- Proper authorization of transactions, activities and alterations to records
Any point at which someone could approve a financial advantage for themselves or an outside collaborator needs to be controlled by requiring authorization by a senior or a functionally unrelated employee. Examples are altering of credit limits, debtor write offs, purchase requisitions, and approval of overtime payments.
Certain highly vulnerable procedures require approval by two independent authorizers. These include signing of company cheques, and payments by electronic banking or over the Internet. Many companies which require two cheque signatories did not carry this practice over to electronic banking, potentially leaving themselves open to fraud.
- Segregation of duties
Any single employee should not carry out a sequence of duties which would allow them to steal money and then cover it up. Consider the case where an employee receives and totals cash and cheques, completes the banking deposit slip, does the banking, enters the receipts into the accounting system, and is also able to write off bad debts. If you think about it for a while, it is quite obvious how a fraudster in such a position could steal money and alter the records to cover it up.
Anywhere such a sequence of duties occurs they should be split between several employees so that covering up fraud becomes more difficult.
- Properly designed processes, documents and records
Key reconciliations and numbered documents are important here, as well as timely processes such as daily banking and monthly debtor statements which would reveal temporary dislocations in the accounts. Examples of important reconciliations are bank deposit slips to bank statements to cash receipts journal, and purchase requisitions to purchase orders. Reconciliations should be carried out or at least checked by a senior or a functionally unrelated employee to the person who carries out the underlying work.
- Adequate safeguards over access to and use of assets and records
Important here are physical access to financial instruments (blank cheques, cheque signing machine, signed company cheques, customer cheques, cash) and to the payroll records area, and access to the financial, business and payroll software. Computer passwords must be kept secret, not be shared, and should allow layered access to financial transactions depending on the employee’s position.
- Supervision and Independent checks
While there may be some initial resistance, a senior manager needs to accept the extra duties of understanding, checking and reviewing key financial reports and documents for unexplained variances or unusual entries. Examples are analysis of customer credits, bad debt write offs, scanning of journal entries for illogical transactions, and trend analyses in areas such as overtime, hours worked, expenses, commissions, bonuses, payroll, and number of people paid.
Obviously, reviewing and improving systems and controls is key to reducing fraud risk. Many organisations utilize the assistance of external experts in conducting an anti-fraud systems review, as they realize that their accounting staff are already overloaded with work, and that a fresh eye is valuable in assessing procedures that have become so routine that employees do not question them.