Firstly, there are two types of fraud: 1) fraudulent financial reporting, usually orchestrated by upper management, involves misrepresenting financial results in the form of falsifying transactions or intentionally misusing accounting methods, and 2) misappropriation of assets, in which employees steal company resources, such as cash or inventory. For our purposes, we will be dealing with the latter.
The fraud triangle — a term developed by Donald Cressey — helps explain why and how employees commit fraud in the workplace. According to Cressey, in order for fraud to occur, three things must exist: pressure, rationalization and opportunity. The first and second elements answer WHY fraud is committed. Mounting debt, growing families and lavish lifestyles are all pressures that employees might feel when deciding if they want to commit fraud; basically it comes down to need and/or greed. Workers might rationalize the fraud with thoughts such as, “It will be like a loan; I’ll pay it back when my financial situation changes,” or “I haven’t received a raise in three years; I deserve this money,” or often, “It’s such a small amount, no one will even notice.” Fraudsters all have different pressures and rationalizations for their crimes that business owners can hardly dictate. However, the fraud triangle indicates that all three factors must be present for fraud to occur, and fortunately, owners and management do have a say regarding the final third apex.
Opportunity satisfies the question of HOW fraud is committed. How easy does the business owner make it for the crook to steal? Is one employee solely responsible for the receipt, recording and reconciling of cash? Are large payments sent to vendors without some type of management review? Is actual inventory never reconciled to the books? These are all examples of flaws in operational controls that leave a company susceptible to misappropriation of assets. If business owners eliminate the opportunity for fraud to occur, no amount of pressure or rationalization will ever override that.
In a perfect world, owners would oversee all operations, verify each transaction and reconcile every penny. But when would they find time to acquire new patients, tackle strategic planning and perform all the other managerial duties that ensure that their medical practices continue to grow? There are better, cheaper and more efficient ways for the physician owners to stay out of the details and still run with adequate controls.
1. Ensure that the person collecting cash and/or opening the mail with patient and insurance remittances cannot post to the accounts receivable sub-ledger. This might not guarantee that the money collector will not redirect customer receipts into his or her own pocket, but the patient account will show delinquent after several weeks of nonpayment and a simple phone call to said patient will help track down the missing money and the culprit sooner.
2. Require each invoice that comes to the check signer’s desk to have a purchase order attached with some sort of stamp of management approval. This helps ensure that phony invoices are not paid with company resources. There should also be a dollar threshold that requires certain checks to have two signatures, i.e., checks written for more than $10,000 must have two signatures.
3. Compare current payroll runs to previous payrolls and investigate differences. Owners should also review the payroll system master file to ensure any changes made are accurately reflected. This could help deter employees from creating “ghost” employees who might cash out on two paychecks or from increasing hourly rates or overtime hours that did not occur or were not authorized.
4. Impose mandatory extended vacations for key employees at least yearly. Employees who commit long-term fraud must have a more than faithful presence in order to have ultimate charge of the records they are manipulating and to circumvent any issues that come up that would expose their embezzlement. A two-week vacation is a common benchmark that assures enough time to uncover any abnormalities.
5. Review monthly bank statements and have the bank include all canceled checks. Owners can scrutinize the cash ins and outs and search for unauthorized payments or forged checks.
6. Create a vendor master list that contains only those vendors approved by the owners. Then purchase or create a payables system in which checks cannot be written for vendors that are not on the list. This reduces the risk of making payments to seemingly clever employees disguised as phony vendors with the use of fake business names and separate P.O. boxes.
Now is the time to take control of your controls and stop the fraudsters before they act. Remove the opportunities and you have an incomplete fraud triangle and a company with stronger controls, and hopefully for assets.
Ruth Menchaca, CPA, is a Supervisor in the audit department with Sol Schwartz & Associates PC. Menchaca’s expertise is mainly focused on accounting and auditing services for individuals, privately-held and not-for-profit companies, and 401k plans. She has worked on audits, reviews and compilations in a variety of businesses including retail, construction, real estate, nonprofit and employee benefit plans. She also has experience performing bookkeeping, general ledger clean-up work for clients and tax services for individuals, corporations and partnerships. Contact her at 210-384-8000 or via email at firstname.lastname@example.org.