Anda di halaman 1dari 56

How to Prevent your Staff from

Defrauding
Ruining
and Business
your

By: Aaron
How to Prevent your Staff from Defrauding and Ruining your Business

This is your chance to peer into the world of understanding fraud and
fraudulent practices.
I sincerely wanted to thank you for buying into this product and YOU will never
regret it,
I will unveil to you what the Business Schools teaches their Executives-Facts
about fraud and how to prevent it.
If you own a Company either a small scale/ Medium scale or a large
Company, this book can be the ideal panacea to your worries.
If you intend to set up a Company, this book can serve as the ideal guide that
you need.

I have been able to give you steps you can institute in your firm in order to be
able to audit your Companies yourself. I have also attached How to set up
ICS( Internal Control System in your Firm)
However before a successful audit is carried out or an Internal Control System is
set up in your firm, Its imperative for You to determine that important steps that
need to be taken in order to mitigate/ eliminate fraud in your Firm.
The cost of fraud is not limited to the amount the fraudster has taken from your
business – it also includes the time spent uncovering the fraud and proving who
committed it – time better spent on growing your business.And of course there
are likely to be Professional/Statutory payment/ legal fees.

So it pays to do as much as you can to prevent your business being defrauded.


Regardless of size, all organizations are vulnerable to workplace fraud. Fraud
can take many forms—including embezzlement, forgery, theft of inventory and
other assets, and computer crime—and can continue unchecked for years.

The financial impact on an organization of these so-called “whitecollar” crimes


can be devastating.

Understanding the impact of workplace fraud,and the potential losses


associated with fraud and establishing effective loss control measures are
critical for companies from cost,
cultural,
and risk management perspectives.

■Workplace fraud is a common, everyday occurrence. Every


business—large or small—is vulnerable to these crimes.
How to Prevent your Staff from Defrauding and Ruining your Business

■Workplace fraud can have a substantial impact on a business's


“bottom line” and even on its continued survival and success.

The financial impact of workplace fraud can be significant and can occur in the
form of direct,indirect,and/ or intangible costs.In addition to direct losses of
tangible assets,such as cash,inventory,and securities,loss of competitive
advantage,reduced ability to meet customer needs,reputation impairment,
and disruption of business operations are some of the potential indirect and/ or
intangible costs to a business.

■The challenge of combating fraud directed against a business is


increased by the diversity and deceptive nature of those crimes.
Deception is a key element of workplace fraud, and a company may
realize too late that it has been victimized.

■ An appropriate response to the threat of workplace fraud requires


understanding potential areas that are “at risk,” recognizing the fraud-related
threats,and understanding the potential fraud origination points,both internal
and external.

Although it is not possible to completely eliminate fraud risk,it is possible to


reduce the risk and to minimize fraud-related losses and other consequences
through effective loss control measures.

DO NOT WORRY.I HAVE WRITTEN THIS BOOK WITH YOU IN MIND. ALL
NECESSARY TIPS REQUIRED TO ACHIEVE AND MITGIATE THIS MONSTER
CALLED FRAUD IS LAID BARE IN THIS BOOK

Fraud risk management includes establishing effective loss control measures


that focus on prevention,detection,and response.Given the potential costs of
workplace fraud, proactive fraud risk management makes good business sense.

THE THREAT OF FRAUD


Bottom line:Businesses are targets for crime because they have something of
economic value.Fraud perpetrators believe that they can successfully steal,
How to Prevent your Staff from Defrauding and Ruining your Business

compromise, or use some of that value.


There is virtually no limitation to the means that may be employed to accomplish
a criminal objective.The criminal mind is ever alert to seemingly new and unique
ways to separate a business from its assets.

Crimes that businesses face generally may be categorized as:


■“Street crime,” such as robbery and burglary.
■“White-collar crime,” such as fraud, misconduct, and related
financial threats.
How to Prevent your Staff from Defrauding and Ruining your Business

The focus of this booklet is on the white-collar fraud threat.

Defining Fraud
Anti-fraud professionals agree that fraud ( and misconduct)encompasses
activities involving dishonesty and deception that can drain value from a
business,either directly or indirectly,whether or not the perpetrator(s)benefit.
Fraud involves the intent to defraud;that is,
the perpetrator relies on
· His or her deception to accomplish—or hide—the fraudulent activity.
· Fraud is not accomplished via honest mistake or error.
· Fraud can manifest itself in a wide variety of ways and originate from a
number of different sources.
· Fraud that is perpetrated by employees,consumers,and vendors
dominates most instances of fraud experienced
by businesses.

Understanding the fraud threats against your business,as well as why fraud
typically occurs,are first steps in analyzing fraud risk and developing an
appropriate plan for managing that risk.

The Fraud Triangle


What motivates people to commit fraud? As an experienced Accountant,I have
identified three elements that are often present when fraud occurs.These three
elements form the “fraud triangle.”

“Opportunity” refers to the situations and circumstances that make it possible


for fraud to take place.For example,an employee with uncontrolled access to
How to Prevent your Staff from Defrauding and Ruining your Business

company funds has the opportunity to misappropriate those funds.

Opportunity is,generally,the element that a business can most effectively


influence,impact,and control.An important action a business can take to
reduce crime exposure is to assess the opportunity for fraud and respond
accordingly.Responding to fraud risk includes development and use of
effective internal controls to reduce,mitigate,or even eliminate opportunities for
fraud.

“Pressure or incentive” helps explain why and when fraud occurs.Fraud takes
place when fraud pressures or incentives outweigh,and ultimately overcome,
the pressures or incentives to act honestly.Thus,pressures or incentives can
become the motivation to act fraudulently.Pressures and incentives to commit
fraud are often associated with:

■ Lifestyle issues (living beyond one's means).


■ Personal debt ( e. g., rent payment,children school fees,gambling
losses, use of drugs or alcohol).
■ Business results ( e.g., poor operating results,desire to avoid business
failure,meet requirements of lenders).

If a company can recognize when and where excessive pressure/ incentives


may be present,it can use that information in fraud prevention and detection
efforts and take action to mitigate business-related pressures/ incentives in
order to reduce fraud risk.

An effective fraud prevention program can increase pressures and incentives to


act honestly by emphasizing a “perception of detection,” underscored by the
company's demonstrated, consistent commitment to taking appropriate and
certain action once fraud is discovered.

“Rationalization” refers to the need for people to somehow justify their fraudulent
actions in their own minds.A person involved in a fraud attempts to
psychologically accept his/ her own actions and emotionally “shift the blame” to
anyone or anything other than him/ herself.
How to Prevent your Staff from Defrauding and Ruining your Business

Common rationalizations include:


■ Entitlement: “They don't pay me what I'm worth. I have this money coming
to me.”
■ Anger or revenge: “The company has treated me poorly; now they're
going to pay.”
■ Minimization: “I'm not taking very much. The company can easily
afford it.”
■ Moral justification: “Everyone else is doing it,so it must not be so bad to
do this.”

Rationalizations are not generally known to others and therefore are usually
difficult to detect.In addition,persons with low moral integrity may feel little need
to rationalize their behavior.

THETYPESOFFRAUD

The categories of Fraud are


■Asset misappropriation,
■Fraudulent financial statements and records,
and
■Corrupt or prohibited practices.

Asset Misappropriation
Simply put,asset misappropriation can be thought of as a theft of something of
value that belongs to your business.When it comes to asset misappropriation,
“cash is king.” In other words,
cash is the most frequently targeted asset.
Consider:
■ According to a survey,93% of the asset misappropriation cases
studied involved cash
■ “Cash” targets include currency and coins,cheques,electronic funds,
financial instruments,rebates,credits,discounts,and virtually any other
device or means of financial exchange or enrichment.
■ Cash is targeted for obvious reasons—it has a clearly known value,is
easily transferable and transportable,is difficult to trace,and may even
be diverted before any record exists on company books.
■ Cash may be targeted by external or internal perpetrators or even by
both via collusion.
How to Prevent your Staff from Defrauding and Ruining your Business

Cash-diversion schemes range from simple skimming of


sales receipts to complex frauds involving:
■ Billing,
■ Payroll,
■ Expense reimbursement,
■ Cheques, including alteration and diversion of legitimately issued
cheques, and
■ Sales and remittances, including point-of-sale “till tapping.”
Other common targets of asset misappropriation include merchandise and/ or
other inventory,equipment and supplies,and even waste,scrap, salvage,or
surplus property.

Generally,high-value assets that are easy to transport and to dispose of are at


highest risk. Prime examples of high-risk assets include laptop
computers, which pose the additional risks of confidential data disclosure and
possible facilitation of unauthorized information-system intrusion.

Experience indicates that virtually any type of asset can be targeted.


Company services may also be appropriated. For example:
· A manager of a construction firm uses “on the clock” company
employees to remodel his home,or perform landscaping and/ or
maintenance work.
· An administrative assistant uses her employer's express mail delivery
service account to routinely send packages to members of her family in
other parts of the world.
· An account officer takes patty cash directly from the Cash till and
records fictitious expenses

Fraudulent Financial Statements,


Books,
and Records
The financial statements (
internal and external),books,
and records of a business may also be targets for fraud.
Specifically,
they may be:
How to Prevent your Staff from Defrauding and Ruining your Business

■ Manipulated to hide fraud (e.


g.,
to prevent discovery of an asset
misappropriation), and/ or
■ Falsified to accomplish a fraud ( e.
g., to cause unjustified financial
rewards,such as executive bonuses based on falsified financial
performance data).

Corrupt or Prohibited Practices


Corrupt and prohibited business practices include the
following closely related concerns:

■“Side agreements” involving undisclosed rebates or kickbacks, and


■Bid-rigging,bribery,and extortion.

Corrupt and prohibited practices often involve hidden arrangements with


customers and suppliers of goods and services to a company.In many cases,
these arrangements directly and dishonestly benefit the individual employee(
s)
involved.

The vast majority of staff in any organisation are trustworthy and honest.
However,businesses are now beginning to realise and understand the scale of
the threat posed by the small proportion of staff who act dishonestly and
defraud their employer.
In an increasingly competitive market place,many businesses have responded
by empowering staff and undertaking structural reforms.Undoubtedly,these
changes have significantly raised the levels of customer service and enhanced
customer satisfaction.Paradoxically these changes,combined with the ability
to undertake more financial transactions remotely,have also created more
fertile conditions,
scope and opportunity for dishonest action by staff.
The way organisations approach the issue of staff fraud is changing in response
to the increased risk.Many organisations have historically been anxious to play
down the threat from within and have been reluctant to admit to the scale of the
problem or the associated financial losses.
How to Prevent your Staff from Defrauding and Ruining your Business

However,for many organisations,the days when HR would handle most staff


fraud cases quietly with no publicity,allowing the dishonest employee either to
resign discreetly or be dismissed inconspicuously,are long gone.Indeed,a
number of businesses are now taking this a step further by sharing data actively
with each other on incidences of staff fraud within their organisations.
Recent research done by me has confirmed that staff fraud has a reputational,
financial,regulatory,internal and customer service impact on businesses.As a
result,staff fraud is now emerging as the single most significant fraud risk to the
financial services industry and a serious risk to all businesses.
The growing threat from staff fraud can be effectively combated by
organisations co-operating and adopting a common approach that includes
zero tolerance of all types of staff fraud and a rigorously anti-fraud internal
culture that promotes honesty,openness,integrity and vigilance throughout the
workforce.
The challenge lies not simply in ensuring that the correct policies are in place to
facilitate such an approach and culture,but also to ensure that such policies are
consistently followed,rather than being compromised for convenience or
expediency.
However, employers must tread a line between, on the one hand, ensuring
employees don't misuse business property or systems or carry out any illegal
activity, and, on the other, fostering a culture of mutual trust and respect.
This can be done by adopting a risk-based approach that takes into account
the nature of the business, the industry sector and different job roles.
If employers communicate clearly why they're adopting a particular approach,
for example, on staff monitoring,as well as the potential risks to the business,
employees are more likely to see measures put in place as reasonable and
necessary.If organisations simply impose what staffs perceive as excessive
supervision or controls,employees are more likely to have negative attitudes
towards the organisation they work for.
Research by the me has found that organisations that seek to monitor their
employees excessively are unlikely to create a work environment that
encourages trust, loyalty and commitment. The research reveals that
employees who are closely monitored tend to have more negative attitudes
How to Prevent your Staff from Defrauding and Ruining your Business

INCREASING INCIDENCES OF STAFF FRAUD


towards work and are more likely to suffer from stress.
The purposes of this guide are to raise awareness of the potential threat posed
by staff fraud and dishonesty and to provide examples of generic best practice
that can help employers manage and mitigate the related risks.

WHAT IS A STAFF FRAUD


Staff fraud occurs when an individual dishonestly
makes a false representation wrongfully and fails
to disclose information or abuse a position of trust
with the intent to make a gain or to cause a loss
while undertaking duties for an organisation with
which they have a contractual agreement.

For the purposes of this guide, the term 'staff' is


regarded as an individual with a contractual arrangement, whether directly or
indirectly (for example, through a recruitment agency), to provide his or her
personal services to an organisation. Therefore this includes, but isn't restricted
to, permanent staff, temporary staff on short-or fixed-term contracts,and staff
supplied by a recruitment agency or third party.
Another angle to Define 'fraud'
Fraud is broadly defines three main types of fraud:
? fraud by false representation – where an individual dishonestly and knowingly
makes a representation that is untrue or misleading
? fraud by wrongfully failing to disclose information – where an individual
wrongfully and dishonestly fails to disclose information to another person when
they have a legal duty to disclose it,or where the information is of a kind that they
are trusted to disclose it,or they would be reasonably expected to disclose it
? fraud by abuse of position – where an individual who has been given a position
in which they are expected to safeguard another person's financial interests
dishonestly and secretly abuses that position of trust without the other person's
knowledge.

Therefore, for the purposes of this guide, the term 'fraud' includes situations
where a person dishonestly makes a false representation,wrongfully fails to
How to Prevent your Staff from Defrauding and Ruining your Business

disclose information or abuses a position of trust,with the intent to make a gain


or to cause a loss or to expose another to the risk of loss.
The term 'staff fraud' in this context broadly includes offences commonly
defined elsewhere as:
? employee fraud
? insider fraud
? internal fraud.

Types of staff fraud


There are numerous types of fraud that can be perpetrated by staff against their
employer.Depending on the nature of business and the products and services
offered,members of staff may have many opportunities to commit fraud.

Each business and organisation will have its own particular risks and threats and
there are further threats that arise in relation to job role,responsibility and
seniority.Fraudulent activity can range from compromising customer or payroll
data to straightforward theft or the submission of inflated expenses. Staff fraud
can have an 'opportunistic' element in that it's generally undertaken on an
unplanned basis by an individual for the purpose of personal financial gain,or
can be linked to a serious and organised criminal network or terrorist financing.
All organisations are vulnerable and all organisations have some level of risk.
Use ofa The ide ntif
icatio
nofanappl ic
atio
n, eit
herfo r
false emplo yment ortopr ovide servic
es,in whic h
identity the appl ic
antus es afalesidentity
Impe r sona t
The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
ionofan
emplo yment ortopr ovide servic
es,in whic h
innoc ent
the applic
antim personatesaninno centparty
party
False The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
immig ratioemplo yment ortopr ovide servic
es,in whic h
nsta tus the appl ic
antus es afalesim migr
atio nstatus
False The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
qua lif
icatio emplo yment ortopr ovide servic
es,in whic h
ns the applic
antus es fa
lse qualif
ic
ations,whic h is
cons ide
redamater ila
fa leho
s od*
False The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
referenc es emplo yment ortopr ovide servic
es,in whic h
the applic
antus es fa
lser eferenc
es,whic h is
cons ide
redamater ila
fa leho
s od*
Conc eale d The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
emplo yme emplo yment ortopr ovide servic
es,in whic h
nthis to ry the appl ic
antconc ealstheiremplo yment
history,which isconsideredamater ila
fals
ehood*
Conc eale d The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
emplo yme emplo yment ortopr ovide servic
es,in whic h
ntr ec ord the appl ic
antconc ealstheiremplo yment
record, which isconsideredamater ila
fals
ehood*
Conc eale d The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
unspent emplo yment ortopr ovide servic
es,in whic h
crim inal the applic
antconc ealsoneormor e uns pent
convic tio
ns cr iminalconvictions
Conc eale d The ide ntif
icatio
nofanappl ic
atio
n, eith
erfo r
adver se emplo yment ortopr ovide servic
es,in whic h
fi
nanc ila/ the appl ic
antconc ealstheirfinancial/
credit
How to Prevent your Staff from Defrauding and Ruining your Business

Increasing incidences of staff fraud


General intelligence and specialist research suggests that the number of
incidences of staff fraud has been rising for a number of years. Many
organisations have been reluctant to admit the scale of the problem due to
potential reputational damage.
But it has now grown to the extent that, with increasingly obvious links to
organised crime, specific countermeasures are required and this has raised the
profile of the issue with the Financial Services Authority (FSA) and law
enforcement agencies.
In a survey conducted, 70% of the 2,000 people questioned admitted they would
commit fraud if they knew they would get away with it. Placed in this context, it's
unsurprising that levels of staff fraud are growing. Information from law
enforcement agencies suggests that the majority of operational investigations
into cheque and plastic card frauds now have an identified insider element at
some stage of the perpetrated fraud.
The actual number of confirmed cases of staff fraud is rising sharply throughout
the financial services industry. Meanwhile, research indicates that theft by store
employees in the retail sector is much greater than has hitherto been supposed,
although it should be remembered that the number of staff involved remains at a
relatively low level for both sectors.

Large organisations can expect to dismiss in the region of 10–50 members of


staff every year for fraudulent activity. This figure is likely to be an underestimation
of the true scale of the problem. Research suggests that many staff fraudsters go
undetected, while others resign.Organised criminals are likely to be targeting
staff, partly because they are aware of the data they can access and their
potential susceptibility to approaches, and also due to the increased volume of
financial transactions that can now be conducted remotely. Telephone and
Internet banking provide more opportunities for anonymous fraud by a third party
if the fraudster is in possession of sufficient security information, which can be
obtained by fraudulent employees. The same is true for centralised finance
departments that may rely on Internet facilities to communicate with other parts
of the organisation and to receive invoices and other documentation for
How to Prevent your Staff from Defrauding and Ruining your Business

payment.

Employees who co-operate with criminal networks are known to assist in a


number of ways. At a basic level, they can facilitate fraudulent transactions or
steal cash or other items to order.
However, in the financial services industry, approaching staff and
persuading them to compromise customer or payroll data to allow third
parties to perpetrate identity and other types of fraud represents the greatest
area of risk.
What level of threat does staff fraud pose?
There are four main interconnected areas of threat to consider:
• financial losses
• reputational damage
• regulatory implications
• internal impact.

Financial losses
Historically, the financial threat from staff fraud has been considered
insignificant compared with the financial threat from other types of fraud.
However, there is now recognition that the losses resulting from staff fraud
can have a considerable impact on a business's bottom line.
For example, according to the a survey conducted, criminal activity involving
staff members cost UK retailers £2.2 billion in 2013, with 20% of all retail fraud
linked to credit card misuse. The study estimates that, on average, theft is
responsible for losses equal to 2–5% of turnover. Just 1% of turnover
represents 20–40% of annual profits for the organisations affected. In total,
53% of unseen losses are the result of employee theft.
The annual FraudTrack report from accountants BDO Stoy Hayward
calculates that the annual value of reported fraud in the UK shot up by nearly
30% in 2005 to almost £1 billion, and has virtually tripled since 2014.
Reputational damage
Staff fraud can cause unquantifiable reputational damage to the image and
How to Prevent your Staff from Defrauding and Ruining your Business

brand of an organisation, both at local and national level. Any fraud that
involves customer data is always potentially damaging, even when the fraud is
identified before any losses are incurred. There is also clear media interest in
staff fraud and this can have a significant impact on the reputation of financial
institutions and customer confidence in the security of financial systems.
Although the financial loss to an organisation could be small, the reputational
damage to the brand could be considerable.

COMMONFRAUDSCHEMES
This section offers illustrations of common fraud schemes for consideration in
assessing your business risks. All names are fictitious and not intended to be
or imply real persons or companies.

Vendor Schemes
Payments to outside vendors represent a
significant outflow of funds for most
companies. Therefore, it is important to
understand vendor fraud risks.

Vendor Management
“Ghost” vendors represent a common fraud
device used by company insiders who have
the abilities to approve new vendors to
receive payments and to authorize such payments. In these types of schemes,
a dishonest employee may establish a phony vendor account(s) that he or she
controls and then direct fraudulent payments to that account(s).

CASE STUDY
Ade, a human resources manager for ABC Company, has authority over an
annual training budget of N10 million. She routinely contracts with new
vendors for training programs and approves payments to those vendors. Ade
asks Accounts Payable to establish a new vendor account for “XYZ Consulting
Services” and authorizes payments to XYZ amounting to N5,000,000.00 over a
six-month period.

A subsequent inquiry about XYZ results in discovery that:


How to Prevent your Staff from Defrauding and Ruining your Business

XYZ Consulting Services is a shell vendor operating out of a mail drop address.
Ade is the only person associated with XYZ Consulting Services.

XYZ Consulting Services never provided goods or services of any kind to ABC
Company. The invoices provided to Accounts Payable by Ade were never
challenged, even though the service description was vague and no service
agreement, nor any other documentation, was present in the Company files.

In many companies, vendor payments above a certain amount are subject to


closer scrutiny, higher level approvals, or special reporting. In these cases, to
avoid detection, an employee may set up multiple ghost vendors and make only
one or two smaller fraudulent payments to each.Companies should be alert to
suspicious patterns of vendor payments, including those that are “just under the
radar” in terms of required approvals, reporting, or other company procedures.

Similar to a ghost vendor scheme is the dishonest employee who “takes over” a
legitimate vendor account. In this case, the employee may simply change the
mailing address shown in the vendor profile for an inactive company to one the
employee controls. Of course, invoices begin to arrive from the formerly inactive
company.

Ghost-vendor schemes may also utilize company names that are intended to be
similar to well-known, established vendors (e.g., a legitimate vendor named
“Churchgate Group.” may be reestablished as a ghost vendor under the name
“Chu Gate Ltd” or “C.Gate Ltd”

A perpetrator's goal for establishing ghost vendors is to use name alignment as


a tactic to reduce the chance of
detection. Of course, the phony vendor names are typically associated with a
mailing address that is controlled by the perpetrator. While this type of scheme
may sound simple, it often works.

A dishonest employee may also set up, or be associated with, a real vendor
doing actual business with the company (i.e., actually providing goods or
services). In this circumstance, an employee's association with the vendor may
be kept hidden for a variety of reasons, including:
How to Prevent your Staff from Defrauding and Ruining your Business

■ Company policy prohibiting conflicts of interest.

■ An employee's desire to profit from a vendor arrangement


(e.g.,reselling marked-up goods to the company at a profit, obtaining a
kickback for steering business, or sharing in otherwise fictitious billings
or overpayments).

■ An employee's desire to personally benefit through collusion with a


vendor. These types of schemes typically involve kickbacks, bribes, or
other financial incentives paid to (or for the benefit of ) an employee
who assists a vendor in defrauding the company.

A key preventative measure for a company to take to protect itself against


vendor fraud is to ascertain that its vendors each have a reputation for integrity.
Businesses should consider the use of a vendor-screening program, the key
components of which may include:
■ Ensuring that identification data provided by the vendor is accurate,
including verifying the ownership of the vendor enterprise and the
identity of key management personnel.

■ Conducting criminal, financial, credit, and other background cheques.

■ Verifying that the vendor has the appropriate credentials, licenses,


certifications, and permits to conduct business.

If a vendor misrepresents its credentials, this is a strong indicator of a lack of


integrity.

In addition, businesses should consider:


■ Establishing procedures for approving orders, authorizing payments,
issuing cheques, and reviewing vendor payments, all on a segregated
duty basis.

■ Prepayment reviews of vendor invoices, including reconciling


company orders, receiving reports, returns and adjustment records,
and any related documentation.
How to Prevent your Staff from Defrauding and Ruining your Business

■ Internal audit of accounts payable.

■ “Vendor audits,” which typically include inspection/examination of a


vendor's records and documentation that supports the billings made to
your company.

Cash-Skimming Schemes

Cash Handling
CASE STUDY
Obi worked as a clerk in a large retail store. The
point-of-sale scanning equipment he used to
ring up customer purchases automatically
captured the price of each item sold. Per company internal controls, all “till” was
routinely counted and balanced at the end of each shift and discrepancies were
not
tolerated.

Despite the apparent controls, Obi found opportunities to defraud his employer.

Cash skimming: Obi often pocketed the cash paid by customers. In order to
prevent detection and make sure that his till balanced at the end of his shift, Obi
substituted large quantities of coupons that he clipped from the local paper for
the cash he stole.

Skip scanning: When Obi rang up purchases for his friends and family, he often
skipped the scanning of the most expensive items. These items went into the
shopping bag, and out of the store, without payment.

Unauthorized discounts: Obi provided friends and family with unauthorized


“discounts” on merchandise by overriding the scanned price and manually
entering a reduced figure.

Fake refunds: Obi also took cash from the register till and covered for the
shortage by falsely reporting cash purportedly paid out to customers as refunds
How to Prevent your Staff from Defrauding and Ruining your Business

for returned merchandise.

Further, the company's returned merchandise program controls were


apparently deficient as, at a minimum, customer identification and return
documentation requirements should have been required, as well as
reconciliations of returned items and refund payments.

The skip-scanning scheme could have been detected by physical security


measures, such as store camera surveillance of point-of-sale activity or
managerial oversight and observation of point-of-sale operations.

Frauds Related to
Company Cheques
CASE STUDY
ABC Small Company uses a popular
off-the-shelf computerized
bookkeeping program. All company
cheque are issued via this system.

When a payment is properly authorized by one of the company's managers, the


information needed to issue a cheque is provided via email to David, the
company's computerized bookkeeping systems “expert.”

David enters the payment information into the computerized bookkeeping


program, which
causes a company cheque to be printed. The bookkeeping program
automatically creates a record of the cheque issuance and makes the
appropriate accounting entries. The completed cheque is then sent by David
via interoffice mail to the manager who originated the payment request.

Periodic reports of company payments are generated from the computerized


bookkeeping system by David and are sent to company managers for review.
For example, every manager gets a monthly itemized listing of the payments he
or she has authorized, which includes payee name, payment amount, etc.
How to Prevent your Staff from Defrauding and Ruining your Business

If any questions arise, David is consulted and/or asked to provide additional


reports from the computerized bookkeeping system.
The above scenario presents a number of fraud risks related to lack of
segregation of duties, including:

■ The bookkeeping systems “expert” appears solely to have the ability to


input and edit bookkeeping system information, issue cheque, distribute
cheque, produce and distribute related reports, and resolve payment
questions and discrepancies.

■ The cheque authorization procedures are deficient in that the person


requesting the payment is the same person who receives the issued
cheque for review and is then responsible for mailing the cheque to the
payee.

■ The cheque requestor/issuer is also responsible for reviewing system


generated payment reports and presumably for initiating action if
discrepancies are noted.

The level of systems security protection provided by an application is an


important consideration with any “off-the-shelf ” bookkeeping product.
Companies should not assume that a “well-known” application is secure but
instead need to assess whether access and authorization levels that are set to
acceptable default values.

Manual Cheques
The above fraud scheme illustrates a lack
of segregation of duties. Key items of
note include:

■ The manager was able to alter the


manual cheque payees to include his
own name and the names of family members. This enabled the manager to use
his or a family member's existing bank account to negotiate the manual cheque

■Fictitious payee names included legitimate addresses of family members.


How to Prevent your Staff from Defrauding and Ruining your Business

■The accounting manager was knowledgeable about “threshold” triggers for


follow-up.

ABC Company recently determined that a number of “manual cheques” had


been fraudulently issued by Bill, a dishonest accounting manager. This
accounting manager accomplished this fraud by:

1. Not recording all of the manual cheque and


2. Recording some of the manual cheque in the company's bookkeeping
records with a fictitious payee name and mailing address.

Accounting reconciled the bank statements monthly and unreconciled items


were identified. Company policy required follow-up on all unidentified amounts
or differences greater than N1,000,000.

“Manual cheques” are cheques written out by hand, as compared to cheques


that are printed
using a computer program or system.

Manual cheque issuance systems require discipline to safeguard against the


entry of fictitious information into company records for an issued cheque.

Additionally, it is important that periodic inventory counts be conducted of


blank-checque stock to ensure all cheques are accounted for and “out-of
sequence” cheque usage does not occur or go unnoticed.

■ Tracking manually issued cheque is not always the same as tracking


cheque generated by an automated system. As such, it is critical to
maintain a record of manual cheques, to establish a policy for
recording manual cheque in the bookkeeping system, and to reconcile
these records.
■ Reconciliation thresholds may also need to be adjusted for manual
cheque.

Loss controls related to manual cheque should:


■ Assess the need for manual cheques.
■ Limit and control the number of people who can authorize, issuance of
How to Prevent your Staff from Defrauding and Ruining your Business

and sign a manual cheque.


■ Safeguard, limit access to, and periodically inventory blank-cheque
stock.
■ Monitor and enforce mandatory data entry of all manually issued
cheque.
■ Regularly audit/review manual cheques.
■ Reconcile bank statement information on a consistent, regular basis,
including follow-up and resolution of all identified differences.

Altered, Duplicate, and Counterfeit Company Cheque


An accomplished “cheque artist” who obtains a legitimate company cheque
can easily and expertly:
■ “Wash” (chemically erase) information on the cheque face so that new
information can be inserted,
■ Enter or alter the cheque payee name and address to match false
identities,
■ Change the cheque amount to any amount, and/or
■ Duplicate the cheque so that it may be converted to cash again and
again.

How does a cheque artist get access to a company's


legitimate cheques? The cheque artist may:
■ Be (or arrange to be) a rightful recipient of such a cheque or know
someone who is a rightful recipient,
■ Purchase the cheque, at discount, from organized cheque thieves, or
■ Be an employee of the company, its bank, its cheque-printing service,
the postal service, or any company that rightfully receives a company
cheque or handles the cheque in any way.

Additionally, a cheque artist is likely to take note of the bank account and bank
routing information that appears on the company cheque. Using this
information, cheque perpetrators can use computers, desktop publishing
software, and colour laser printers to produce numerous counterfeit cheques
purportedly issued by the company.

Counterfeit cheques may not necessarily resemble the company's, but they
can look legitimate enough to be cashed and initially processed through the
How to Prevent your Staff from Defrauding and Ruining your Business

banking system. These cheques have the company bank account and bank
routing information imprinted on them so, at least initially, the cheques will be
debited to the company's account. By the time the cheques are discovered to
be counterfeit, the perpetrators are typically long gone.

Here are steps to consider for mitigating exposure to cheque


artist fraud:

■ Consult with a commercial banker regarding security features and use


them in your company's cheques.
■ Be aware of red flags. For example, counterfeit cheques typically do
not have micro-encoded features.

■ Closely monitor and reconcile your company's bank balance. Report


all discrepancies and issues to the bank, both to alert the bank and to
protect the company's legal rights and remedies.

■ Examine cancelled cheques for indications of alterations, duplicates,


or counterfeits.

■ Consider the use of “positive pay” or “reverse positive pay”


procedures.

Accounts Receivable/Incoming Payment Processing


Frauds naturally take place “where the money is.” In many companies, that's
the accounts receivable or remittance processing unit—the place where
payments flow into an organization.

Remittances
The above scenario illustrates a lack of segregation of duties. The employee
had control of both receiving and recording incoming customer remittances,
as well as the authority to apply payments to customer accounts and to
make account write-offs.

CASE STUDY
Jonathan, a long-term employee in ABC Company's accounting department,
was responsible for opening the incoming company mail and processing all
How to Prevent your Staff from Defrauding and Ruining your Business

remittances received on customer accounts. Jonathan was also responsible


for responding to customer account balance inquiries, adjusting customer
accounts for billing errors and other mistakes, and collecting and writing off
problem accounts.

What opportunities did Jonathan have for defrauding


his employer?
Diversion of payments—Jonathan diverted some of the cheques paid to the
company by depositing them into a personally controlled bank account he
had established in a name that was similar to the company name.

Write-offs—Jonathan covered up some of his fraudulent activity by falsely


portraying customer accounts as uncollectible and by writing off outstanding
balances in those accounts. He did this so that all cheques
subsequently received on the written-off accounts could be diverted without
arousing suspicion.

Lapping—Jonathan also engaged in “lapping” payments—e.g., a payment


made on one customer's account (Account A) is applied to another customer's
account (Account B), where payments had previously been diverted. In other
words, payment on Account A is used to make up for an existing shortage in
Account B. As a result, Account B is now in balance, but Account A is not.

Future payments on other accounts will need to be applied to Account A to


hide this diversion. Jonathan used this practice repeatedly to keep accounts in
an ostensibly “current” status.

Unexpected payments—When payments were occasionally received on


accounts that had been written off as uncollectible, Jonathan diverted those
payments as well. These payments were not expected and thus never missed
by the company.

Misappropriation of Waste, Scrap, and Salvage Property


Companies that work with waste, scrap, and salvage property are common
targets of fraud since they may have no clear expectation of the value or
amounts due from the sale of these assets.
How to Prevent your Staff from Defrauding and Ruining your Business

CASE STUDY-Scrap Management


In this scenario, access control measures could have either prevented James
from returning to the plant during evening hours or at least alerted
management that he was doing so. Effective physical security measures
include monitoring who is in a company's facilities, knowing when they are
there and, in the case of nonstandard business hours, confirming that
employees, vendors, and visitors have a valid reason to be there.

Key considerations for a company include:

■ Physical security of work sites should include measures to


appropriately restrict work site access, and

■ Subjecting vehicles entering and exiting company premises to


inspection.

James, a production process supervisor in the ABC Company manufacturing


plant, is responsible for oversight of a process where cutting and shaping of
copper components is performed. This process produces copper scrap and
waste that is collected for reuse or resale by the company. James routinely
returned to the company plant during evening hours, filled his pickup truck with
scrap and waste, and then sold this material to a recycler.

Conflicts of Interest, Kickbacks, Bribes, and Employee Corruption

Employee Corruption

Companies can mitigate exposure to employee


corruption by:
■ Hiring ethical people.
■ Developing, documenting, and regularly
communicating high ethical standards for
all business dealings and activities.
■ Ensuring that ethics program training and
manuals include practical guidance for the real situations faced by
employees.
How to Prevent your Staff from Defrauding and Ruining your Business

■ Insisting that company leadership set a high ethical example and “play
by the rules.”
■ Developing a culture that supports, and expects, the reporting of
ethical lapses.
■ Taking appropriate, consistent action when ethical issues arise and
violations occur.

CASE STUDY
Mike, a real estate manager for ABC Company, is in charge of office space for
company operations in several states. His responsibilities also include
contracting with vendors for maintenance and build-out.

Mike has electrical upgrade work done to his cabin by the samecontractor who
provides services to ABC Company, and that job is billed to ABC Company as
though the work was performed at a company location. Mike approves the bill
for payment.

Mike has improvements done to his home by the same construction


contractor he routinely hires to make office space alterations for the
company. Mike pays nothing for the improvements to his home.

Expense Account Reimbursement Fraud


Employee abuse of expense accounts represents a significant risk for many
companies.

CASE STUDY-
Time and Expense Issues
George, an employee of ABC Company, travels extensively on company
business. George's manager routinely approves his expense account after only
a cursory examination. This cursory review has helped George find several
ways to “beat the system” and obtain reimbursement payments for which he is
not entitled.

How does George take advantage of his employer?

Mischaracterization of meal and entertainment expenses—George and his


friends frequently go out to dinner at expensive restaurants in the city.
How to Prevent your Staff from Defrauding and Ruining your Business

George charges these meals on the company credit card and submits an
expense report that falsely indicates he was entertaining clients and
conducting other company business.

Overstated expenses—George collects blank receipts from taxi cab drivers


and other sources, completes these receipts to indicate a higher expense than
was actually incurred, and submits the receipts for company reimbursement.

Fictitious receipts—George's business travels sometimes include meals that


are paid for by business associates or included as part of an event he is
attending. In these cases, George uses his personal computer to produce a
counterfeit “receipt” for separate meals that never took place and submits the
fictitious receipt.

Altered receipts—George alters receipts by increasing the Naira amount


shown on the receipts and altering the dates and other information on old
personal receipts to make them appear current and business-related.

An effective program for combating employee expense reimbursement fraud


should include, among others, the following policies:

■ Accept only original supporting documents.

■ Require written explanation and replacements for lost original receipts.


Closely examine excessive incidents of “lost receipts” and refuse to
reimburse the expenses.

■ Require timely submission of fully supported employee expense


reports.

■ Have the employee's business unit supervisor or manager conduct a


prepayment review of the employee's expense reports and conduct review of
original documentation submitted periodically.

■Require an additional review of “corrected” employee expense reports.

■ Conduct a monthly internal audit of employee expense reports and related


company credit card use.
How to Prevent your Staff from Defrauding and Ruining your Business

Payroll Fraud
It is often impossible for company management to know every
employee and their pay status. Furthermore, payroll processes can
often make it possible for false payments to be made. Common payroll
fraud schemes include, among others, payments to:
■ Nonexistent employees (“ghost” employees) added to the company
payroll by someone with the authority to add new employees.

■ Employees for hours not worked (falsified time reports).

■ Employees for unauthorized salary/pay rates, overtime, or bonuses.

Payroll fraud may involve collusion between employees (e.g., between the
employee who receives the fraudulent pay and an “insider” with the ability to
facilitate the payment).

Ghost Employees -
Deferred Separation Status

Payroll fraud risk mitigation efforts that companies


should consider include:

■ First-line manager review of payroll reports.


First-line managers generally have the best
knowledge of employee status and how much
and when they should be paid. However, companies need to

CASE STUDY
Chris worked as an information technology representative in the human
resources (HR) department with responsibility for maintaining HR information
systems databases. Chris was responsible for updating employee data in the
system (e.g., change of address, change in employee status).

The HR database maintained by Chris fed into other company information


systems, including the payroll system. When a salaried employee resigned
from the company, Chris would defer changing that employee's status to
How to Prevent your Staff from Defrauding and Ruining your Business

“inactive” for a week or more after the employee's last day of work. The
company payroll system would automatically compute wages due the former
salaried employee for every day that the employee remained “active” in the
system.

Prior to each subsequent payday, Chris would temporarily change the address
shown for the former employee to an address that Chris controlled, e.g., a mail
drop. After the system issued a paycheque, Chris would change the former
employee's address back to the original. Chris would make sure
that the former employee status was reflected as inactive when he felt it
necessary to “end” the scheme.
In the rare circumstance when anyone questioned these payments, Chris was
prepared with phony documentation indicating a payment had been made to
the former employee in error and that collection action was being initiated to
recover the overpayment.

■ Unscheduled, random, in-depth reviews by managers of payroll


reports conducted several times a year with a required report on all
findings (including “nothing found” or “no exceptions” reporting).

■ Manager certification that a payroll report review was conducted and


that all discrepancies found were appropriately resolved/reported.

■ Active review of payroll data by internal auditors for fraud warning


signs. The existence of adequate segregation of duties also needs to
be assessed. Employees with the ability to add new employees or to
change employee profile information should not have the ability to
approve payroll payments or adjustments, enter pay hours, change
pay rates, or authorize bonus or other special payments.

Payroll fraud warning signs include:


■ Frequent changes in an employee's payroll mailing address, direct
deposit account, or cheque-deposit instructions, particularly changes
occurring more than once in a short span of time that subsequently
change back to the original information.

■ Sharp increases in an employee's pay without apparent reason or


explanation.
How to Prevent your Staff from Defrauding and Ruining your Business

■ Broad disparity in a particular employee's pay compared to similarly


situated employees without apparent reason or explanation.

■ “Employee” names found in payroll records that do not appear in


company rosters, email address directories, and telephone lists.

■ Employee correspondence sent to an address on file that is returned as


undeliverable.

■ More than one paycheque issued to the same name, Social Security
number, address, and/or direct deposit bank account.

■ Frequently “backed out” or changed entries to payroll systems by a


particular system user.
■ Terminated employee payroll changes that are processed late by the
same system administrator/user.

Use of Company Funds to Pay


Personal Expenses
Alternative Company “Chequebooks”
An employee can gain access to the company
“chequebook” in several ways.

Purchase Card
As the administrative assistant for a regional director of XYZ, Betsy has access
to a “p-card” (purchase card) that allows her to order and obtain office
supplies. However, Betsy routinely pays for merchandise with this card for her
husband's home-based business. Betsy's boss is expected to review a monthly
report of p-card transactions for his group; however, as he is “much too busy to
be concerned with the purchase of pens and paper clips,” he has delegated
these reviews to Betsy.

Travel and Entertainment - Helping the Boss


Betsy is responsible for making travel and entertainment arrangements on
behalf of her boss, including attendance at major events by company
How to Prevent your Staff from Defrauding and Ruining your Business

executives and key customers. Betsy's boss is required to authorize payment


for these costs with his officer's signature stamp. However, Betsy has
possession and control of his signature stamp and routinely uses it to approve
payments on behalf of her boss.

Trusted employees are often allowed to bypass internal controls to “assist”


others. However, these trusted employees can take advantage of controls they
are routinely allowed to circumvent. Circumvention of existing internal controls,
even by exception, is a common theme in employee fraud.

Assessment of fraud risk needs to address not only the question of whether
internal controls have been properly developed and designed but also that
such controls have been effectively implemented and are consistently
applied.

Computer-Related Fraud
Computer-related crimes may be committed by persons with or without
authorized access, including user and/or physical access. Of particular
concern is the potential risk associated with disgruntled employees,
contractors, or other insiders who may have high-level computer system
access, authority, knowledge, and/or familiarity.

Computers can serve as the target of criminal activity, but more often they serve
as a “tool,” or the means, to accomplish a crime. Two basic examples:

■ Cash diversion—Computerized systems may be used to skim funds


from customer accounts or to embezzle company funds and to hide
that activity.
■ False documentation—Computers may be used to produce fraudulent
documentation. Effective protection for computer systems includes
formulating and implementing a computer fraud risk management
plan. Some components to consider:

■ Identify internal and external risks to system security, data


confidentiality, and data integrity.

■ Design and implement safeguards in response to identified risks,


How to Prevent your Staff from Defrauding and Ruining your Business

including those arising due to changes in the business.

■ Periodically monitor and test safeguards.

Physical Security of Technology Assets

The physical security of computers and computer


systems is naturally an extension of a general
physical security program. Existing physical
security policies and procedures need to be
adapted to meet the specific threats associated
with information systems and related assets.
Controls to consider:
■ Restrict access to the areas where computers and computer data are
housed.
■ Perform comprehensive background investigations on personnel who
will have access to computer areas and information.
■ Utilize asset-protection programs, such as asset-tracking devices or
software installed on laptop computers.

RESPONDINGTOTHETHREAT
OFFRAUD

Responding to the threat of fraud can be


challenging. There is no “cookiecutter” fraud
response strategy that is appropriate for every
business. The diversity of fraud risks associated
with different business environments and
situations requires that fraud risk responses be appropriate for the specific
business operations, business environment, and fraud experience.

Consider that the “ideal fraud opportunity” might include any of the following
factors:

■ A weakness in the internal control system or the ability to easily override


How to Prevent your Staff from Defrauding and Ruining your Business

the control system (i.e., an opportunity).

■ Pressures or incentives to commit fraud sufficient to overcome the


pressures or incentives not to commit fraud.

■ Perceived reward for fraud is relatively high.

■ Perceived risk of detection is relatively low.

■ Potential penalty, if caught, is perceived as being small or relatively


inconsequential.

Therefore, an effective fraud response plan should:

■ Limit fraud opportunities by establishing strong internal controls and


limiting overrides of those controls.(In the attached book sold in
conjunction with this book,I have outline a comprehensive Incternal
control system that will mitigate fraud)

■ Manage pressures and incentives inherent in the business process (to


the extent this is possible).

■ Focus fraud prevention and detection efforts on risks where potential


financial loss is the greatest or where cumulative losses from smaller
frauds may be significant.

■ Foster a strong “perception of detection” through proactive fraud

Asset Misappropriation

Asset misappropriation schemes include those frauds


in which a perpetrator employs trickery or deceit to
steal or misuse an organization's resources. In these
cases, specific assets of the organization are taken to
directly benefit the individuals committing the fraud.
How to Prevent your Staff from Defrauding and Ruining your Business

Individuals committing asset misappropriation-type crimes may be:


employees of an organization, customers or vendors of an organization, or
could be individuals unrelated to the victim organization. The distinguishing
elements of asset misappropriation, however, are that an organization's assets
are taken through trickery or deceit, rather than by force.

Furthermore, the “act” of asset theft, concealment, and conversion must all be
present. Asset misappropriation frauds are generally divided into two 2 main
categories: (1) the theft of cash and (2) the theft of non-cash assets.

Misappropriation of assets may occur under different


circumstances:
(1) before they are recorded in the books and records of an organization
(i.e. skimming),
(2) while assets are currently held by the organization (e.g. larceny or
misuse of equipment, inventory, supplies, cash, etc.),
(3) during the process of purchasing goods or services (e.g., billing,
expense reimbursement, payroll schemes).
In this final scenario, the organization pays for something it shouldn't pay for or
pays too much for purchased goods or services. Research has shown that, of
these three types of asset misappropriation, fraud involving purchases is, by far,
the most common and expensive for organizations.
Asset misappropriation schemes most often involve theft of cash, although this
is not always the case. In a recent study and survey conducted by us,
approximately 85% of all asset misappropriation cases involved the misuse of
cash
.
What We Currently Know About Asset Misappropriation
There has been little academic research in the area of asset misappropriation
(most academic fraud studies have focused on financial statement fraud). As a
result, much of the research on asset misappropriation has been conducted by
professional organizations,Economic Crime Survey published by
PricewaterhouseCoopers in 2007 (PricewaterhouseCoopers, 2007)—greatly
enhance our overall knowledge of asset misappropriation. A few authors,have
taken the bull by the horn to conduct this studies,however I deemed it fit to
embarked on this terrain in order to assist many small scale and medium scale
companies in order to unearth and reveal strategies on how to mitigate this
How to Prevent your Staff from Defrauding and Ruining your Business

monster called FRAUD.

Asset Misappropriation Schemes


According to the 2012 Report to the Nation on Occupational Fraud and Abuse,
asset misappropriation can be categorized according to different scheme
types, including: skimming, cash larceny, fraudulent disbursements, and non-
cash larceny and misuse.

Skimming includes those acts where funds are taken by the perpetrator before
the funds have been recorded in the organization's financial records. Skimming
may occur at the point of sale, from receivables, or from refunds.

Cash larceny refers to fraudulent acts that involve the theft of funds after they
have been recorded. The cash is typically stolen from the cash on hand, such
as from the cash register or petty cash, or taken from a deposit.

Fraudulent disbursements cover a wide variety of schemes:


1) Billing schemes typically involve employers making payments based
on false invoices for personal purchases;
2) Cheque tampering refers to altering or forging an organization's
Cheque for personal use;
3) Expense reimbursements include false claims of fictitious business
expenses;
4) Payroll schemes resemble billing schemes in that payment is based on
false documentation, such as timecards, which indicated that compensation is
fraudulently due to an employee.

Cash register disbursements entail false entries or “no sale”


transactions to hide the removal of cash.
Finally, non-cash misappropriations involve those schemes where employees
steal or misuse the non-cash assets of the organization, such as inventory or
equipment, for their own personal benefit.

Some asset misappropriation frauds are large enough that they result in the
material misstatement of the financial statements of the organization, without
How to Prevent your Staff from Defrauding and Ruining your Business

management's knowledge or intent to deceive. For example,Petty Cashier in a


Diary Company In Lagos Nigeria continuously withdrawing cash from the till
and covering it up with Fictious expenses in a 7 years peiod.The Total cash
stolen within the period was N8,4M($42,000) .A derivatives fraud committed by
an employee of a Japanese company resulted in a $2 billion misstatement of
that company's financial statements, and a purchasing fraud against a U.S.
auto maker resulted in a more than $400 million misstatement of its financial
statements.

Both of these frauds had a material effect on the financial statements, yet were
unknown to management. While auditors are generally more concerned about
financial statement misstatements than they are about asset misappropriation,
large asset misappropriations can potentially threaten the economic well being
of an organization.

When an asset misappropriation takes place, there are no winners. The


perpetrators are almost always caught and suffer personal and professional
embarrassment, loss of job and career, and legal consequences. Perpetrators
are also often forced to make tax and restitution payments. Victims lose
because, in addition to having their assets stolen, they incur legal fees and
experience negative publicity. Often, the culture and morale of the organization
is adversely affected, resulting in lost productivity, increased employee turnover
and absenteeism.

The Nature of Asset Misappropriation 6


Asset misappropriation schemes generally start small and get larger as
perpetrators gain confidence in their ability to get away with their dishonest
schemes. While events, such as an internal or external audit, may threaten the
perpetrator's attempts at concealment and cause the scheme to be
discontinued for a period of time, once the threat has passed, the perpetrator(s)
will typically resume the scheme and continue to steal until the fraud is
detected. Since the Naira amount of the scheme almost always increases with
time, the amount a perpetrator steals in the last few days or months of the fraud
tends to greatly exceed the average amount taken during the earlier periods of
the scheme.

Classical fraud theory provides an excellent foundation to better understand


the motivations for asset misappropriation. This theory states that in order for
How to Prevent your Staff from Defrauding and Ruining your Business

asset misappropriation to take place, the perpetrator must:


1) Be experiencing a perceived pressure,
2) Have a perceived opportunity to commit the fraud, and
3) Find a way to rationalize his or her actions as acceptable.

While most pressures often involve a perceived financial need, perceived non-
financial pressures, such as the need to report better than actual performance,
frustration with work, or even a challenge to beat the system, can also motivate
fraud,
The opportunity involves the belief that the perpetrator can commit the fraud
and not get caught or if he or she does get caught, nothing serious will happen.
These opportunities don't have to be real; they must only appear to be real to the
perpetrator. This explains why the mere perception of detection acts as a
deterrent to fraud.

Common rationalizations include, “I'm only borrowing and will pay it back,” “it's
only for a short period of time,” “it's not hurting anyone,” or “they owe me.” The
three elements of the fraud triangle are essential to any type of asset
misappropriation scheme and are presented below.
In 1949, a criminologist at the University of Indiana identified many differences
between street crime and what he later described as “white-collar” crime. Such
differences included a violation by a person in a position of trust in professions
such as medicine, law, accounting, business, and banking. In addition, white-
collar crime is typically committed by those of high status and power.

The research and theories that Sutherland developed have become the basis
for much of the research currently conducted on organizational and
occupational fraud and abuse.
Donald Cressey, one of Sutherland's most successful students, took this idea a
step further by identifying three conditions, all of which must be present if
embezzlement is to take place.

These three conditions include:


1) financial problems defined as non-sharable,
2) an opportunity to violate trust, and
3) the rationalization of the act.
The Issues identified by the criminologist is the bane for most fraud committed
today especially in small scale/Medium scale firm where the level of control is
How to Prevent your Staff from Defrauding and Ruining your Business

not very stringent.

How People are Recruited to Participate in Asset


Misappropriation
The Report conducted by me suggested that in roughly two-thirds of fraud
cases, the perpetrator acted alone. However, when collusion was involved, the
median loss to the organization is four times higher than the amount lost to
perpetrators who acted alone. Recent research conducted by me, suggests
that multiple individuals become involved in asset misappropriation schemes
as a result of power that is exerted by the initial perpetrator on potential
collaborators.

This research also found that once an individual began to commit asset
misappropriation, he or she then recruited others to participate in the scheme
on an as-needed basis. Based upon this finding, the initial perpetrator of the
fraud may exercise one or more of the five types of power as described by
French and Raven (1959) on potential conspirators. These five types of power
include: reward, coercive, legitimate, referent, and expert power.

Reward power is the ability of a fraud perpetrator to convince a potential victim


that he or she will receive a certain benefit through participation in the fraud
scheme. Examples of such rewards may include a cash payment, a large
bonus, or even job promotion. Coercive power is the ability of the initial
perpetrator to make a potential conspirator perceive punishment if he or she
does not participate in the asset misappropriation scheme. Examples of
punishments that individuals may fear by not participating in a fraudulent
scheme may include public humiliation, whistle-blowing fears, or even job loss.
Expert power deals with the ability that the perpetrator may have to influence
others based upon the perpetrator's expert knowledge.

Individuals who are influenced by this type of power may not even be aware that
an asset misappropriation scheme is taking place and may do things that
enable the perpetrator simply because the victim believes the perpetrator is an
honest person who knows more about the policies and procedures that the
victim does. Legitimate power is based on authority. For example, the head of
the accounting department within an organization may claim to have legitimate
How to Prevent your Staff from Defrauding and Ruining your Business

power to make decisions and lead the organization – even if that direction is
unethical. In such situations, the accounts payable clerk may sign a Cheque
just because someone in authority has asked him or her to do so. Finally,
referent power refers to the perpetrator's ability to relate, on a personal level,
with the potential victim. In this type of situation, many individuals, when asked
to participate by a trusted friend, will rationalize the acts as being justifiable.

By understanding how perpetrators use power to recruit and persuade others to


participate in asset misappropriation schemes, it is possible to better
understand how frauds can grow and eventually involve many people.
power. Similar to the fraud triangle, the five types of power are interactive,
meaning that the more susceptible a potential conspirator is to the various types
of power, the less of the other types of power are needed to recruit the potential
conspirator to participate in the scheme.

Organizations with Weak Internal Controls


Prior research suggests that organizations with weak internal controls are
especially susceptible to fraudulent asset misappropriation schemes (KPMG,
2004).

International control weaknesses include: a lack of segregation of duties,


physical safeguards, independent Cheques, proper authorization, proper
documents and records (all internal control activities); overriding existing
controls; and an inadequate accounting system. Many studies have found that
overriding existing internal controls creates the greatest opportunity for asset
misappropriation schemes.

A good system of internal controls will help to deter and prevent asset
misappropriation schemes from occurring within organizations . The Institute of
Internal Auditors (IIA) has even recommended that auditors have a
responsibility to assist management with the evaluation of internal controls that
are used to detect and mitigate fraud (Institute of Internal Auditors, 2007).

Who Commits Asset Misappropriation?


Research shows that individuals involved in fraud, including asset
misappropriation schemes, have many common characteristics (ACFE, 2008).
How to Prevent your Staff from Defrauding and Ruining your Business

For example, men are twice as likely to commit fraud as females.

This research corresponds to other business ethics research that suggests


women are typically more ethical than men. Similarly, individuals who
participated in fraud are most likely to be between the ages of 41 – 50 years
old., for example, more than half of all perpetrators were over forty years old.

Most fraud perpetrators have attended or graduated from college and many
perpetrators have obtained a post-graduate degree. In general, the higher the
education level of the individual, the more costly the scheme is to the
organization. Individuals involved in fraudulent schemes tend to live beyond
their means and struggle with financial difficulties. Fraud perpetrators often
have a “wheeler-dealer attitude” and many refuse to take vacations from work.
Finally, many fraud perpetrators have personal problems and exhibit signs of
irritability and defensiveness.

While the recent study helps to better identify the types of individuals who are
involved in fraudulent asset misappropriation schemes, research has also
shown that essentially anyone can commit fraud. As a result, it is very difficult to
distinguish perpetrators of fraud based on demographic or psychological
characteristics.

Prevention of Asset Misappropriation

Since everyone loses once an asset misappropriate


fraud has occurred, organizations can realize huge
savings through fraud prevention. Most organizations
have some preventive controls in place, but realize that,
even the best controls, cannot prevent all frauds.

As was shown with the fraud triangle, anyone with perceived pressure,
opportunity, and an ability to rationalize their crime, can commit fraud.
Therefore, organizations should engage in pro-active fraud prevention,
regardless of how honest they believe their employees are.

Fraud prevention is another area where there has been little academic
How to Prevent your Staff from Defrauding and Ruining your Business

research.
What we do know is that the major elements of fraud prevention are
(1) creating a culture of honesty, openness and assistance for all
employees and,
(2) eliminating opportunities for fraud to occur.

Creating a culture of honesty, openness and assistance usually involves the


following elements:
(1) hiring honest people and providing fraud awareness training,
(2) creating a positive work environment,
(3) implementing effective employee assistance programs (EAPs).

Fraud Detection

Like fraud prevention, fraud detection is an exciting


area for future academic research. However.I delve
into it and this are the mitigants I came up with:

(1) Accounting anomalies, such as faulty journal entries, inaccuracies in


ledgers, or fictitious documents,
(2) Internal control overrides and breakdowns,
(3) Analytical fraud symptoms, which include procedures or relationships
that are unusual or too unrealistic to be plausible, for example,
transactions or events that happen at odd times or places; that are
performed by or involve people who would not normally participate; or
that include odd procedures, policies or practices. They might also
include transaction amounts that are too large or too small. Basically,
analytical symptoms represent anything out of the ordinary),
(4) Lifestyle symptoms (people who commit fraud usually meet their
immediate need and then gradually start to increase their lifestyles),
(5) Unusual behaviors (people who are involved in fraud often feel stress
and, as a result, change their behaviors to cope with this stress), and
(6) Tips and complaints that something is suspicious.
How to Prevent your Staff from Defrauding and Ruining your Business

Investigation of Fraud

Of these three fraud elements—prevention,


detection and investigation—more resources
have been spent on the investigation aspects
than prevention or detection. Many fraud
investigation methods examine the “act,” the
concealment, or the conversion elements of
fraud. Some of these methods include surveillance and covert operations,
invigilation, gathering physical, documentary, or electronic evidence, using
forensic software tools to capture electronic information, searching public and
private databases and Internet sites, 16 using the net worth method to
determine unsupported spending and various types of interviewing techniques.
Each of these topics deserves additional academic research. Most fraud
investigations are conducted by individuals trained in law enforcement, not
business. Usually, these investigators have more experience with investigating
property and street crimes, and are not familiar with the nuances of fraud.
Research that brings traditional investigative techniques to investigations of
fraud while taking into account the special nature of white collar crime could
potentially yield very fruitful results. Additionally, research that identifies the
most efficient and effective investigation methods and the best investigative
sequence for different types of frauds could also be beneficial. Each year,
hundreds of millions of Naira are spent on fraud investigation, when effective
prevention and better investigative techniques could reduce these
expenditures considerably.

Follow-up on Fraud and Fraud Perpetrators


Another area of potential research is learning how to effectively deal with fraud
perpetrators and their organizations once fraud has been discovered and
investigated. Most organizations do not prosecute perpetrators; rather, they
quietly dismiss them without any civil or criminal action to avoid the bad press
that accompanies the prosecution of the perpetrator. Research that combines
fraud knowledge with criminology research could be performed to determine
the best follow-up actions to take when fraud has been detected. We need to
learn more about the affects on the organization and employees that not
pursuing civil and/or criminal actions might have encourage others to commit
How to Prevent your Staff from Defrauding and Ruining your Business

fraud? How should the details of a fraud be communicated throughout an


organization so that employees will know that the organization doesn't take
fraud lightly? Are there any circumstances under which it is not effective to
prosecute a perpetrator? When should civil action be taken? What can be done
to change the organization culture to prevent similar frauds in the future? There
are many research questions involving organizational and individual follow-up
once fraud has occurred.

Fraud Statistics and Frequency of


Occurrence

While great strides have been made in recent


years to better understand asset
misappropriation, we still don't know some basic
facts regarding asset misappropriation schemes. This includes the prevalence
of asset misappropriation, its effect on organizations throughout the world, the
effectiveness and pervasiveness of proactive asset misappropriation detection
techniques, and the impact of contextual, environmental, and cultural factors on
this problem. Statistically valid empirical research is urgently needed to support
future efforts to mitigate asset misappropriation.
Statistics on asset misappropriation come from four basic sources: victim
organizations, insurance companies, government agencies and researchers.
Understandably, victim organizations typically attempt to put the fraud behind
them as quickly as possible. In order to minimize public exposure and
embarrassment, they generally do not make the fraud public or prosecute the
perpetrator (Bussmann and Werle, 2006). As a result, obtaining accurate asset
misappropriation statistics from victim organizations is difficult. 18
Many insurance companies provide fidelity bonding or other types of coverage
against asset misappropriation and often provide related statistics. However,
these statistics only correspond to the actual cases where the insurance
company provided employee bonding or other insurance – creating an
incomplete picture.

Conclusion
In conclusion, asset misappropriation is a very expensive problem for
How to Prevent your Staff from Defrauding and Ruining your Business

organizations. Unfortunately, few organizations proactively address this


problem, which creates a reoccurring cycle of theft within many organizations.
By creating a proactive asset misappropriation policy, organizations can
effectively assign responsibility and greatly reduce their susceptibility to these
schemes.
Asset misappropriation could provide a fertile area of research for
practitioners, academics, governmental entities, and others. While the last 50
years have greatly enhanced our overall understanding of asset
misappropriation, we still lack knowledge of some of its basic characteristics.
Specific areas of interest include asset misappropriation in international
organizations, the effects of culture on this type of fraud, and proactive
detection and prevention procedures. Finally, future research into asset
misappropriation must include longitudinal studies that help us better
understand how an organization's susceptibility to asset misappropriation
schemes varies depending on the state of the economy, the lifecycle of the
organization, the organizational culture, and the organization's industry.
It is our hope that the next few years will bring greater knowledge and
understanding to the problem of asset misappropriation. As with all types of
fraud, education and research is the key to its deterrence. When the fraud
examination community fully understands the nature of asset
misappropriation, we will be able to better design programs, tools, and
methods to minimize its occurrence within organizations. 21

FRAUD RISK MANAGEMENT–


LOSS CONTROL CONSIDERA
TIONS

Developing a fraud risk management program


that includes loss control measures is critical to
the detection, mitigation, and prevention of fraud related risks.

Loss control measures need to take into account the company's industry,
corporate structure and organization, geographic locations, customer base,
vendor relationships, and regulatory environment.
Although not exhaustive, an effective risk management program may include
How to Prevent your Staff from Defrauding and Ruining your Business

the following types of internal controls:

Employee background screening,


This is carried out for by the Company especially for employment applicants for
positions involving trust, such as handling cash, inventory, and financial
statements and records.
Screening of potential employees should involve checks of criminal history,
credit reports, verification of employment and education, and drug testing.

An employee screening program should be commensurate with the company's


fraud risk and take into account applicable legal considerations.

Customer feedback, reports, and complaints.


Companies often pay little attention to feedback from their customers, vendors,
and other external sources. Yet ignoring this feedback can result in a failure to
detect and respond to possible fraudulent activity.
Effective oversight.
Monitor, review, and supervise financial-related activities on a regular basis at
multiple levels, including account reconciliations,
exception reports, trend analysis, budget and/or plan variance analysis,and
audits.

Mandatory vacation policies.


Require employees who hold financial positions to take regularly scheduled
vacations, and do not allow them to conduct company business while on
vacation.

Fraud reporting programs.


Have a program for facilitating the reporting of suspected fraud by employees
and others.

Fraud awareness programs.


Include training employees, and even vendors, in the fraud risks that threaten
your business. This training should focus on identifying warning signs (“red
flags”) of potential fraud.
How to Prevent your Staff from Defrauding and Ruining your Business

Fraud deterrence programs.


Create a “perception of detection.” A reputation for aggressively investigating
indications of fraud can have a strong deterrent effect. On the other hand, a
reputation for ignoring possible fraud may prove to be an invitation for
perpetrators.

Effective follow-up and/or investigation. Establishing written policies and


procedures, and assigning responsibility for implementing them, for follow up
and/or investigation when “red flags” are noted, policy and procedure
violations occur, and allegations of improprieties surface is critical to ensure
that investigation and remediation occurs.

“Zero-tolerance” fraud policy. One fraud deterrence strategy is to


announce, communicate, and enforce a “zero-tolerance” fraud policy.

Cooperation with prosecution efforts.


In the event of fraud, execute all required affidavits of forgery, provide
requested documentation, make company staff available as a witnesses, etc.
It is important that a company consistently demonstrate its commitment to a
zero-tolerance policy with support for prosecution of any person found to have
been engaged in fraudulent activity.

Internal audit/internal investigative units.


Internal audit and/or internal investigative units are mechanisms for companies
to monitor and look for violations of corporate policy and breakdowns in internal
control.

Companies should evaluate whether to establish these units separately or to


combine them.

General fraud detection practices.


Fraud detection can be practiced within various areas of a company and often
may be part of the role of the internal audit or investigative unit. Some fraud-
detection practices that businesses should consider include:
■ Variance analysis, performed to evaluate variances from budget or
other expectations.
■ Data mining of financial transaction information to identify patterns
How to Prevent your Staff from Defrauding and Ruining your Business

and trends.
■ Analysis of data correlations to identify anomalies in the expected
relationship between related or dependant financial report account
balances or other data.
■ Computerized tracking and analysis of employee expense accounts
performed on an ongoing basis in order to detect and respond
to anomalies (such as an employee with abnormally high travel
expense patterns).
■ Review of supporting documentation to identify instances where that
documentation is inadequate or suspect.

■ “Fraud audits” specifically targeting possible fraud in specified


processes or business units.

Vendor management.
A company can protect itself from vendor fraud by
using an effective vendor screening program.

Such a program can:


■ Verify that a vendor actually exists and that the identification data
provided by the vendor (address, for example) is accurate.
■ Verify a vendor's ownership and the identity of key management
personnel (and screen for potential conflict-of-interest concerns).
■ Determine if a vendor, its owners and affiliates, or its key
management personnel have a history of criminal activity.
■ Determine if a vendor, its owners and affiliates, and its key
management personnel have an acceptable business reputation.
■ Verify that a vendor has the requisite qualifications, licenses,
certifications, permits, and insurance coverage.
A company may also wish to include the following in its vendor

Fraud program:
■ Procedures for approving orders, authorizing payments, issuing
cheques, and reviewing vendor payments, bearing in mind appropriate
segregation of employee duties.
■ Prepayment review of vendor invoices, including reconciliation with
company orders and authorizations, receiving reports, returns, and
adjustment records.
■ Internal audit of the accounts payable function.

2 Always obtain competent legal advice before implementing vendor screening


programs. For example, screening programs that include credit history
cheques must be properly administered in order to maintain compliance with
applicable laws.
■ “Vendor audits,” which typically include examination of a vendor's
records and documentation that support the billings made to
your company.
■ Publication of a company policy for regular vendor reviews
and audits.

Cash and cheque management.


Policies and procedures for handling cash need to
address fraud risk. The tangible value of cash and
the potential for misappropriation is a “real” risk that
warrants several loss control measures.

■ Assess the need for manual cheques. Unless there is a genuine


business need for manual cheques, get rid of them.
■ Strictly control the number of people who can authorize issuance
of a manual cheque; require double signatures where appropriate
and feasible.
■ Safeguard and strictly limit access to blank cheque stock.
■ Conduct a regular inventory of blank cheque stock, and promptly
investigate missing/destroyed blank cheque stock.
■ Monitor and enforce mandatory data entry of all manually issued
cheques within a prescribed time period. Require periodic reports of all
manual cheque use, including negative balance reports and cheque-stock
inventory verifications.
■ Audit/review manual cheque use regularly, including examination of a
sampling of cancelled cheques to determine if payee, address, and
amounts are consistent with company records.

Review endorsement information on the reverse side of the cheques;


determine if endorsements are suspicious in any way.
■ Reconcile bank statements, and clear exceptions and identified
differences. Exceptions and unresolved differences should be
promptly brought to the attention of the appropriate level of
management and resolved.

Report all discrepancies and issues to your bank, both to alert


your bank and to protect your legal rights and remedies.

■ Use cheques with adequate security features. (Consult with a


commercial banker regarding security features.)
■ Examine cancelled cheques returned for indication of alterations,
duplicates, or counterfeits. For example, counterfeit cheques typically
do not have the micro-encoded features. Any cancelled cheque where
the bank has manually encoded the bank account and routing
information should be considered suspect.
■ Consider the use of “positive pay” or “reverse positive pay” protection.
■ Cooperate with prosecution efforts.

“Positive pay” and “reverse positive pay” protection.


“Positive pay” may be thought of as an anti-cheque-fraud process where you
and your bank compare notes about the cheques issued on your account
before they are “paid” into the banking system. Essentially, positive pay works
as follows:
■ The company prepares an electronic listing of the cheques (drafts)
issued (a “cheques issued” list) and submits this list to its bank each
day. Key information included on this list includes the cheque number,
cheque amount, and date.
■ The bank compares the “cheques issued” list to the information on the
cheques presented for payment on account.
■ The bank identifies presented cheques that do not match the
company's “cheques issued” list and reports discrepancies to the
company.

Cheques with identified inconsistencies are not honored by the bank unless the
company specifically authorizes payment.
Instead, these cheques are returned through the banking system and are not
charged to the company's account.

■Other presented cheques are routinely paid through regular


banking procedures.
“Reverse positive pay” works much the same way but involves the company's
reviewing a list of cheques prepared by the bank (a list of “cheques presented”)
rather than a list prepared by the company. The company would compare the
“cheques presented” list against internal records of the cheques the company
has issued. In the “reverse positive pay” process, the company would typically
need to notify the bank as to which cheques to pay and which to reject.
Additional information about “positive pay,” “reverse positive pay,” and other
cheque-fraud protective measures may be obtained from commercial bankers
and other financial institutions. Bankers are also an excellent source of
information concerning the types of fraud currently being experienced by
businesses. Take the time to meet with your banker concerning cheque fraud.

Asset management and disposal. Companies should have a comprehensive


asset management program in place. Generally, this means that assets valued
above an established amount are tracked by the company from the date of
receipt to the date of final disposal. Although asset management programs will
vary according to individual circumstances, these programs typically
incorporate many of the following features:

■ Detailed inventory records.


■ Tamper-resistant asset identification tags.
■ Physical security measures and building-access control.
■ Periodic physical inventories of assets. Inventories of assets in
dispersed locations should be conducted simultaneously to prevent
double-counting or “ghost inventory.”
■ nvestigation of inventory discrepancies.
■ Tracking of “retired,” obsolete, scrap, and salvage assets/inventory
and sales proceeds. Companies often lose sight of these assets when
they are retired from use, written off, or otherwise removed from their
financial books.

Payroll.
Payroll is a common area of fraud, thereby
making fraud controls critically important. A
payroll fraud program should enable
management to:

■ Compare employee termination dates and payroll dates. For


computerized pay systems, such comparisons could be automated
with exception reports generated for follow-up by internal auditors
or others.
■ Monitor changes in employee payroll mailing addresses, direct
deposit accounts, or cheque deposit instructions, particularly if
changes occur more than once in a short span of time (particularly if
the end result is a change back to the original information).
■ Review employee pay for sharp increases for one or more pay periods
or for the very last pay period spent with the company.
■ Review employee pay for similarly situated employees.
■ Review for employee names found in payroll records but not in
company rosters, email address directories, or telephone lists.
■ Ensure that commonly expected deductions are made for
all employees.
■ Review employee mailing addresses on file for suspicious addresses
(e.g., a “mail drop” address, an address for an unrelated employee, or
an inconsistent work location).
Conflicts of interest, kickbacks, bribes, and
employee corruption.
Businesses also need to ensure a culture of honesty and integrity.
Measures to consider:
■ Develop, document, and regularly communicate high ethical
standards for all business dealings and activities.
■ Provide ethics training to employees. Ensure that ethics training and
manuals include practical guidance for “real world” situations faced by
employees.
■ Insist that company leadership set a high ethical example (“play by
the rules”).
■ Develop a culture that supports, and expects, reporting of
ethical lapses.
■ Take appropriate and consistent action when issues arise and
violations occur.
■ Accept only original documents (i.e., photocopies are not acceptable).
■ Incorporate prepayment review of employee expense reports, by a
business unit supervisor or manager and someone from finance or
accounting, for appropriateness and reasonableness.
■ Conduct random audits of paid employee expense reports.

Segregation of duties.
Establishing effective segregation of duties involves understanding
employees' roles, responsibilities, and access to financial records, assets, and
systems.
A company needs to evaluate its business operations, including:
■ Incoming payment receipt and payment recording (bookkeeping)
functions. Incoming mail from customers should be opened by
someone other than the person recording customer payments in the
company's records. All receipts contained in incoming mail should be
individually listed by the mail opener for later comparison with the
recorded receipts.
■ Disbursement recording (bookkeeping) and disbursement
authorization functions. The person responsible for recording a
disbursement should not be the same person who has the ability to
authorize the disbursement.
■ Disbursement authorization and disbursement issuance functions. The
person with authority to authorize a disbursement should not be the
same person who issues the actual payment.
■ Segregation of the authority to authorize account adjustments
(including account write-offs) from the ability to perform account
bookkeeping/account adjustment functions.
■ Account reconciliation and account recording (bookkeeping) functions.
Although bookkeeping may prepare a preliminary reconciliation for
operational needs, financial controls reconciliation should be
performed by someone separate from the recording function.

Segregation of duties may be difficult to achieve in smaller businesses where


sufficient staff may not be available to handle separate task assignments.

In these cases, businesses may need to rely on other controls, such as closer
oversight by owners and managers, more frequent reconciliations and account
balance confirmations and, if possible, more frequent rotate