Workplace Theft: Who’s Picking Your Pocket?
By Dave Peacos, CPA/CFF, CISA, Risk Advisory Partner
When it comes to workplace fraud, in which employees secretly steal a company’s assets, it’s not a matter of if it’s happening, but of how much is happening right now. In today’s economy, with mounting personal debts, high unemployment and rising prices, fraudulent activity is on the rise, ravaging everything from storefront “mom and pop” companies to multinational Wall Street conglomerates.
According to a 2010 global fraud study conducted by the Association of Certified Fraud Examiners (ACFE), fraud accounts for about five percent of annual revenue losses. While business owners are preoccupied with running their companies and staying profitable, they may have their backs turned on trusted employees who have learned how to keep their illegal activities undetected. The same ACFE study found that 25 percent of closely-held businesses are experiencing internal fraud perpetrated by long-term employees.
So how do you detect fraud in your business, or prevent it from happening? First, understand the motives and mindsets. The three elements of fraud are need, opportunity and justification. Ask yourself: 1) does a need exist for an employee to steal from the company; 2) are there employees in your company who are in a position to take advantage of your assets; and 3) can someone justify the fraud because they are unhappy at work or at home? One major red flag is any individual who appears to be living beyond his or her means.
It is important, especially for small businesses, to implement strong, effective internal controls. Ineffective or insufficient internal controls are the most common factor when it comes to creating an environment ripe for fraud. Many companies devote the minimum amount of time and resources to ethics and compliance programs because these programs don’t generate revenue. However, when companies start implementing some of the following internal controls, they often see an increase in their bottom line.
1. Emphasizing Fraud Prevention
Management provides the foundation and fundamental control for fraud prevention practices. By continually emphasizing “ethical behavior,” you can create a culture that promotes zero tolerance for fraud. For example, does your organization have a program for communicating fraud prevention policies and procedures to its employees, vendors, contractors and business partners? The performance measurement for employee theft would be based, in part, on the company’s ethics and code of conduct policies. Business and fraud-related risks constantly evolve, which is why an ethics and fraud awareness and training program should be part of the normal course of business.
2. Segregating Duties
Segregation of duties requires ethical leadership and the willingness to recognize that the potential for fraud exists everywhere. For example, payroll schemes often occur in companies where the accounting departments are thinly staffed or overworked. The same employee may authorize, or falsify, time cards or payroll rate information while also being responsible for creating and distributing payroll checks. Implementing segregation of duties controls means that the company divides conflicting or incompatible responsibilities among more than one individual. In order to maximize its value, segregation of duties must be incorporated into all activities within the organization that present potential risk areas for fraud. Segregating duties establishes more clearly defined work roles and provides a way to detect honest mistakes that may be overlooked by one individual.
3. Restricting Information Technology (IT) Access
In order to properly segregate duties, it is essential to restrict IT access to proprietary and confidential information. These restrictions to information, data and systems should correspond to the work responsibilities as defined in job descriptions. Access attempts are either granted or denied based upon the password, login and network directory information. Strong preventative IT controls can provide an ongoing automated process to minimize employee theft or the mishandling of company assets.
4. Maintaining Segregation of Duties
Anytime an individual’s job responsibilities change, the organization must ensure that no conflicting duties arise. IT access restrictions require ongoing attention; every time a new IT component is introduced, access rights and related controls must be evaluated. IT access directories must be continually updated with personnel changes and evolving roles. When a person leaves an organization, access rights should be deleted immediately.
5. Implementing Other Monitoring Controls
Staffing limitations, remote company facilities or tight time constraints for a particular process can mean that the implementation of segregation of duties is not always practical. When segregation of duties is not a viable option, organizations must use other means to deter fraud. Those measures might include detailed review of reports and scrutiny of external sources of information, including bank statements. Routine checks of various processes should include confirming with vendors and customers that transactions took place as documented.
The Full Benefit of Implementing Segregation of Duties to Prevent Fraud
Even when companies identify and fully investigate a fraud scheme, they rarely recover the total known financial losses. It is even more difficult to recover stolen intangible qualities like a company’s credibility, goodwill and trust. By segregating duties within a company, you are establishing a system of preventative controls that function continuously, sustain the organization and diminish fraud risks. A policy to segregate duties acts to keep the organization from ever having to deal with the aftermath of fraud detection.
Learning about fraud, and how to stop it, can be the least expensive way to identify your organization’s weaknesses and preserve the profits and growth that are the lifeblood of any company. A strong fraud prevention plan provides an increased level of confidence in your organization from your corporate board, audit committee, regulators when applicable, and shareholders.
About Dave Peacos
Dave Peacos is a Risk Advisory Partner at GH&I and also serves as lead partner of the firm’s fraud, forensic and litigation support service team. He has earned the Certified Public Accountant/Certified in Financial Forensics and Certified Information Systems Auditor (CPA/CFF, CISA) credentials. He provides fraud and forensic accounting services through fraud investigations and anti-fraud education.
This article ran in the September 11, 2011 edition of the Atlanta Journal-Constitution.