Protecting Your Organization Against Employee Fraud

Friday, December 1, 2006

Editor: Please describe to our readers the Amper Litigation Services Group and its services for preventing fraud within an organization.

D'Uva: Amper's Litigation Services Group consists of a team of forensic accountants and certified fraud examiners who conduct investigations to detect employee embezzlement, kickback schemes, and financial statement fraud. We work with many types of organizations including public and private entities, nonprofit organizations, governmental entities and a variety of industries. Our experience extends to work with attorneys in both civil and criminal lawsuits.

Generally, we are hired to document and quantify the losses that are incurred by our clients. We work with in-house counsel and outside counsel to assist in recovery of lost assets and provide independent expert reports that will be utilized at trial or by the prosecutor's office. In addition, we provide expert witness testimony at trial to support our findings.

Editor: What are the most common types of fraud that an organization is exposed to during the course of business?

Hersh: There are three major types of fraud. There is asset misappropriation, corruption and financial statement fraud. Today the majority of attention is focused on financial statement fraud due to scandals such as Enron and WorldCom. This type of fraud has the most severe impact on an organization and the largest financial losses. However, it is the most infrequent type of fraud. The most common type that affects organizations is asset misappropriation, which is the theft or misuse of an organization's assets, usually involving the theft of cash.

D'Uva: For example, some employees may engage in disbursement schemes where they create vendors that do not exist and disburse monies to the fictitious vendors. They may fabricate invoices for services that were not performed or inflate invoices for services that were performed. Another scheme is to write checks to themselves but record a different payee on the corporation's records. Some employees also enter into agreements with consultants or outside vendors who overcharge for their goods or services. The excess amount charged is then split between the fraudulent employee and the outside vendor or consultant. This may also be referred to as a kickback scheme.

Editor: Clearly, these activities will have a negative impact on a company's bottom line and investor confidence. What are the regulatory and reputational dangers for a company?

Hersh: Today, companies are facing increased regulatory pressures and responsibilities to the public. In addition to Sarbanes-Oxley, the rise in identity theft and the threat of terrorism have caused a focus on privacy laws and anti-money laundering regulations, to name a few. An organization that is negligent in its compliance with these laws may be subject to large fines, increased regulatory requirements, lawsuits and the loss of reputation.

Nonprofits are especially susceptible to the loss of reputation if they fail to adequately safeguard their contributions. For example, in 1992 the United Way's president was accused of misappropriating funds to support his lavish lifestyle. As a result, contributions to the United Way began to fall dramatically in the following years. Recently, in 2005, a prominent charitable organization failed to safeguard the contributions related to the Katrina victims, which might have a huge impact on future contributions to that organization.

Editor: What types of controls should a company implement in order to detect and prevent fraud?

D'Uva: There are several things that a company can do to deter fraudulent activities. The first step is to create a culture and foster an environment that does not tolerate fraud. It is necessary to communicate this to employees.

The next step is to understand the processes within the organization and to implement a system of strong internal controls. An employee's understanding of the company's system of internal controls is extremely important for deterring fraudulent activities. Employees should be educated on how to recognize fraud and the detrimental effects that it can have on an organization.

Lastly, with these elements in place, the company should also implement a mechanism for reporting fraud, such as a hotline, so that an employee who detects or suspects wrongdoing can anonymously report his suspicions to management.

Hersh: In most of our investigations we are engaged to investigate activities that were initially uncovered by an anonymous tip from an employee or a third party. Studies have shown that tips from employees or third parties are the number one method of detecting fraud.

Under Sarbanes-Oxley, audit committees are required to provide a mechanism to employees to report anonymously any type of irregularities. We recommend that all organizations, not just those subject to Sarbanes-Oxley, implement this hotline.

Editor: Why is it critical for an organization to have the proper tone coming from top management?

D'Uva: If upper management projects an image of high ethics and zero tolerance, it will set the standards that employees will be expected to meet.

Hersh: By setting these standards, employees will understand that if they commit fraud within the organization, it will not go undetected and the organization will investigate and prosecute. Fear of being caught committing fraud is one of the most effective deterrents. Organizations with lenient controls are more at risk because employees will have more opportunities available, and they will believe they can commit the fraudulent act without consequences.

Editor: What topics should an educational system cover so that employees and top management are well indoctrinated in business ethics and alerted to compliance issues?

D'Uva: Organizations should implement awareness programs that include recognizing the red flags of fraud, the consequences of fraudulent activity and the detrimental effects on the organization. Employees should be able to recognize fraud and know what to do if it occurs.

In my experience organizations focus their training efforts more on formal compliance than on detecting or preventing fraud.

Editor: How can an antifraud program protect a company from unscrupulous employees?

Hersh: The purpose of an antifraud program is to eliminate or minimize the opportunities to commit fraud and to create awareness regarding the consequences of committing fraud.

Opportunities are minimized through strong internal controls. Awareness is created through education and a formal fraud policy. The purpose of the fraud policy is to communicate the organization's policies against improper conduct and to minimize the organization's exposure to litigation. The policy should require employees to notify management or the audit committee, depending on the circumstances, whenever they suspect fraud, and clearly indicate that the organization will investigate all claims that are raised and prosecute those that are found to be legitimate.

Editor: What clues should employees look for when they believe that a co-worker may be engaging in fraud?

D'Uva: Some of the signs are employees who never take vacations or those who have passions that require money, such as gambling. There may also be workers with expensive lifestyles whose salary does not cover that lifestyle. Employees who formally file for bankruptcy or have persistent credit problems are sometimes motivated to defraud an organization. Other pertinent signals include personality changes or material outside business interests that require capital.

Within a corporation, an opportunity for fraud may be created when management is too trusting of one individual or gives too much control to one person. Loose and relaxed attitudes towards internal controls, where there is inadequate separation of duties, tend to provide increased opportunities for fraud to occur.

Hersh: In our experience the perpetrators tend to be individuals with no criminal history who are responsible for handling the financial books and records of the organization. These individuals have been long-time employees, trusted by the owners or management. As a result of this trust and the knowledge of the company's control weaknesses, the individuals were able to override controls that were put in place by the organization.

Editor: Are large companies with global operations more at risk for fraud than smaller domestic ones?

D'Uva: All organizations are at risk for fraud. Small organizations are more susceptible to misappropriation of assets because control of assets rests with a few people, and it is more difficult to segregate responsibilities among employees. When one individual has control over cash disbursements and there are not good internal controls in place, the situation creates an opportunity for an employee to commit fraud.

Editor: What are some of the common mistakes that organizations make with respect to fraud investigations?

Hersh: The most common mistake is that companies fail to retain counsel when fraud is uncovered. This is needed to protect the attorney/client privilege with respect to the internal investigation and to provide legal advice about how to proceed against the employee. Even employees who commit fraudulent acts have legal rights that are often violated by organizations who react quickly to investigate or discharge that employee. These organizations find themselves in lawsuits for wrongful termination or violation of worker privacy when they act without proper legal advice.

Other common mistakes are not engaging the services of independent fraud investigators or a data forensics team. In our experience organizations will begin by conducting internal investigations and by retaining their external accountants. The external accountant may not be experienced in performing fraud investigations and may have a conflict of interest because he or she is already involved in the preparation, review or audit of the organization's financial records. If the organization subsequently decides to file criminal or civil charges, the organization may need to retain an independent forensic accountant to also perform an investigation. If a data forensics team was not utilized, electronic evidence may have been spoiled and therefore inadmissible at trial. Working with a qualified independent forensic accountant from the start will reduce overall costs, provide a high level of skills, knowledge and experience and ensure proper handling of evidence.

Our Amper team of forensic accountants consists of both CPAs and CFEs experienced in conducting fraud investigations and providing written reports and expert witness testimony to support our findings. We have experience in coordinating our efforts with data forensic teams, in-house counsel, outside counsel and the prosecutor's office.

Please email the interviewees at duva@amper.com or hersh@amper.com with questions about this interview.