Format of this article:
It’s your Money, Protect it
Business owners have a great many things to worry about in the function of their company. Sales revenue, vendor payments, inventory levels, the list is endless. One of the worst items on the list is embezzlement. The warning signs of embezzlement are numerous; however, many ignore these red flags. Things like excessive personal spending, shrinking profit margins and odd account changes could all signal embezzlement. Knowing what to look for and how to react to warning signs is key to not becoming one of the long term victims.
The Association of Certified Fraud Examiners (ACFE) periodically releases data on global fraud. Statistics from the ACFE 2018 Report to the Nations shows the median loss per case is $130,000. Small businesses are likely to suffer losses twice as much per occupational scheme. This makes sense when you consider that small businesses are less likely than larger companies to have any anti-fraud controls. Two of the biggest takeaways from the report are in the duration category and method of discovery. The median duration for schemes lasts between 12 and 30 months. The top way that most frauds (40%) are uncovered is by a tip. This drives home the point that, lack of anti-fraud measures leads to longer duration and less discovery by prevention/detection measures. If the central way you are finding fraud in your business is hoping to be tipped off, you need to step up your security measures.
What You Need
Another important statistic is that 84% of fraud perpetrators displayed at least one behavioral red flag. Do you know the warning signs of embezzlement? More importantly, do you know what your response would be if you uncovered fraud? The reality is that many businesses put themselves at risk by approaching fraudsters without competent advice. The days of confronting a potential perpetrator with minimal evidence are over. False or inadvertent accusations could leave you owing more than was stolen from you, even if the person is guilty. Take my advice, read this article to learn the clues, but contact a professional to move forward in an investigation. This list is in no specific order. What one company experiences is far different than another. Always consult professional for advice. You can CLICK HERE for help.
Question: What are the three elements of the Fraud Triangle?
1. Non-shareable problem
“Look! I hired the model employee. She never takes a vacation or day off and comes in when sick. She never leaves this place!” Have you thought this, or worse said it aloud? Maybe you’re onto something, you could have hired God’s gift of employees, buuuuut…The reality is different. There are very few people that love their work to the point they can never leave it, i.e. separation anxiety. Never leaving your phone or being tethered to a device for fear of missing a call is part of neurosis. This aspect of human nature is different than what I’m speaking about. Let’s separate some personalities. People that HAVE TO be in constant contact with the world are needy. They aren’t necessarily thieves, just desirous of human contact. However, those that can’t separate from your business, are different. How do you determine this warning sign of embezzlement?
Who’s the thief?
Consider human nature when it comes to relaxation. We all need time to decompress. Cats perform this aspect of life the best. They sleep 18 hours a day, how sweet is that. While humans aren’t quite so lazy, we do need down time away from the job. If an employee is at the office more than the manager (boss), it should raise concern. To prove my point, look at the statistics when it comes to what employees are looking for in a job today. They want to work from home and flexibility. While this presents its own dangers, does it jibe with someone that never wants to leave an office? Not anymore. If the employee uses the office as their nest, they could be hiding something. When you see the warning signs of embezzlement, do not overlook them.
“That’s mine! Why are you touching my junk?” No one wants to invade a coworker’s space. This is like office etiquette 101. Would you want someone poking around and fondling your acrylic reproduction of Finn and Jake? Probably not. I know I wouldn’t. Yet there is a line that you should be able to discern when it comes to information. In today’s office, as much as I hate to admit it, your desk and “area” must be open for inspection. I don’t mean that management should be going through your stuff, but, in a way, most of it ain’t your stuff. Let’s be clear. When you’re at work, the company owns your workstation, work product and anything you do with their equipment. The job of management is to make the employees understand that any work product is owned by the company.
What do you do?
Here’s a great example you can use with obstinate employees. I’m a CPA and I work for a CPA firm. I perform many tasks and exist under the umbrella of the firm. Even though I’m a separate professional from their organization, with a license and possibly work of my own, when I work for them, they own me. Which means anything I do affects the company and they have the right, and responsibility, to have access to anything I do for the company. I’m no different than a gas station attendant or an office clerk. This is a very valid point that you need to insert into your orientation and employee handbook. Companies own the information, you are just a facilitator of it. It will help avoid problems in the future.
Most functions in business can be boiled down to amounts and counts of items. Those items can be amounts per transaction, order or invoice. Or the number of customers served, over-rings or times a cash draw was opened. However, is one hundred transactions the norm? Is an amount per sales transaction of $50 abnormally high? Low? Is it in range? What is the range? We look at outlying data to determine where our focus should be in detecting the warning signs of embezzlement. Cashiers with abnormally high numbers of over-rings could be hiding something. A salesperson with sales far exceeding, or below, others could be manipulating data. Also, this information can help to motivate cashiers to up-sell. Consider if the average sale amount for one of your cashiers was far lower than others. This person could be prompted to up-sell customers and create larger sales.
For the purposes of this discussion we will only focus on the fraud aspect of analysis. The concern when developing data is determining what constitutes unusual and numerous. This grey area of determining high or low can be alleviated with statistics. For this task you would develop a confidence interval to determine what data lies outside of your norm. A confidence interval is a range of values with a probability that a value of a parameter lies in it. Let’s ease up on this explanation, here’s a link to confidence interval information that is basic and clear, and try a retail theft example.
This Could Work
Let’s say you have a dozen-ish cashiers working 35 overlapping shifts a week. One could create a confidence interval for the number of times a cash draw was opened without a sale during a shift. Then you would place a value like 95% certainty on the interval. You would now be able to create an interval of which you could say, I have 95% certainty a cashier should have a number of no sale rings within that range. Any amount that lies outside, generally on the high end, should investigated. Remember, a number outside the range does NOT imply wrong-doing, many people make this mistake. All you glean from an outlier is that it is an unusual number which should be investigated. Never accuse a worker of wrongdoing without seeking professional advice on how to handle such matters. Going it alone can become legal nightmares if not handled appropriately.
Question: What is the best way to catch someone that is "testing your controls"?
Monitor password access and unusual login attempts.
This is one of the warning signs of embezzlement that can go unnoticed. Quite often the reason it is not detected has to do with lack of oversight. Management and IT staff are the biggest fail point in the detection of attempts to access restricted information. The signs that it is happening can sometimes be subtle unless you know exactly what to look for. You could be looking at minor things like the number of failed login attempts at data files or programs. This would be something found in the back ground of the IT system. Many cloud backup providers like Microsoft365 have a massive amount of available information on their admin control panel.
The testing of controls is similar to failed access attempts. In this scenario the employee might try moving, but not taking items to see if anyone notices. They are testing whether your fraud prevention measures are working or checking to see if you have any. It can be hiding product so if they are caught they can claim a mistake occurred. Or they might just dive in and steal small amounts of cash from the cash draw. Always remember, this is how most frauds begin. An employee starts taking small amounts of cash. As the thefts go unnoticed they begin to steal more and more. By more it will be more times and larger amounts. In many frauds the perpetrator has no idea how much they’ve stolen. This is because they start small and build-up to a point where the amounts are an after thought to continuing the fraud.
Question: What are the biggest red flags in an employee's lifestyle?
1. Purchasing an expensive car
2. Always picking up the tab
3. New expensive clothes and jewelry on a regular basis
4. Secrecy, or overly boastful, when asked about expensive purchases
5. Creditors calling your business about them
The lifestyle of your employees can tell you if there are increased odds that they are stealing. The funny thing about the lifestyle cues is that sometimes a fraudsters own family ignores the signs too. This is an example from something that I was a part of investigating. The perpetrators spouse actually got the ball rolling. During a routine conversation with the spouse she mentioned she was worried about a car repair that had come up. She explained however that her husband was able to cover the cost. She went on to say that her husband quite often came up with cash for unexpected expenses and he called it “magic money”. Boy, do you really need to be hit over the head to start an investigation after that? In the end, the husband was fired and forced to pay restitution for all the “magic money” he had relieved the employer of.
While none of the following items prove fraud, they are indicators. Some of the warning signs of embezzlement in this area are an employee creating money from nowhere when needed. The purchase of an expensive car can also be an indication of fraud. This one needs to be taken in context though. Some younger people can afford more car because they live at home. However, if you have an employee making $30,000 a year and they show up with a car worth $75,000, you should probably be concerned. Jewelry is something to watch. While some expensive looking items can be faked, keep your eyes open. A final thing to look for is correlation between how the employee talks about funding their lifestyle and how they act. Someone that always talks about being broke and borrows against payday then shows up with a new car could be a problem.
Question: What is the calculation for a profit margin?
Gross Profit Margin = (Net Sales-COGS)/Net Sales
0.75 (75%) =(1000-250)/1000
A shrinking profit margin can be a sign of many things. Perhaps you’re spending too much or not keeping a good eye on expenses. Alternatively, you could have someone siphoning off cash from your business and using it to fund their lifestyle. The warning signs of embezzlement in this are can be found through data analysis. Research of your margins against past performance could show signs that someone is bilking you through the accounts payable system. This could be determined by a thorough run through the payables system. Employees could be paying fake invoices, inadvertently paying bills twice or working with an accomplice to over charge the company for product. Now look at your receivables. You could have someone writing off accounts after stealing the incoming payments or writing off invoices for an customer they know. Written down or written off accounts should be reviewed.
Question: What documents tend to be the most fraudulent?
Documents that are not originals tend to be more prone to fraud. i.e. photocopies or hand written documents
To me, missing documents should always be investigated. I spent some time in accounts payable and tried to make sure all documentation was viewed prior to paying an invoice. If invoices are being paid without proper authorization on documents, you could be getting scammed. When paying out you should have an invoice, a receiving ticket, preferably a purchase order. At a minimum there should be traceable authorization on the PO, a signature on the receiving documents and an invoice that looks real. By real it should have the company information, PO number and other identifying information. Your system should be set up to track all of these movements from order to invoice payment with capabilities to see who approved what. If any information looks altered or whited out it should be followed up. Documents may get dirty, stained or torn, but they shouldn’t look altered in any way.
Question: What is "lapping"?
Lapping is when Customers A’s payment is stolen and then Customer B’s payment is applied to it. Next Customer C’s payment is used for Customer B’s account.
If you start getting calls from customers claiming they paid a bill, but are still being charged, this is one of the warning signs of embezzlement. As well, if vendors are calling for payment after your usual payment cycle, it’s a sign. Anyone can drop the ball and not record a customer payment, we all do it. But if the calls become routine and seem like they’re happening more often, it could be a red flag. If a customer has paid a bill but keeps receiving new ones it could be that a lapping scheme is happening.
Lapping is when Customers A’s payment is stolen and then Customer B’s payment is applied to it. Next Customer C’s payment is used for Customer B’s account. This continues and as the fraud gets larger, the backup creates problems. These problems result in customers that have paid an invoice being billed for it. Obviously, a customer receiving a bill after paying it will call you to complain. These types of complaints should raise a red flag and be investigated.
Similarly, if a vendor calls for payment long after it was sent, you could have someone stealing payments. Without proper segregation of duties, someone in accounts payable could reroute checks. Let’s say the AP person writes checks, signs them and reconciles the bank statement. This situation is prime for the following problems. The clerk could write checks to himself instead of to vendors and then alter bank reconciliations to cover up. They could also work with accomplice vendors to issue payment on fraudulent invoices. There are a host of problems that arise when the same person handles several duties in the same accounting cycle. Always try to separate job functions to different employees. As well, keep your eyes and ears open for the warning signs of embezzlement.
Question: What is the easiest accounts receivable scam?
Writing off old accounts is the simplest method of fraud employees can perform. Far too many companies have lax controls on accounting. This allows someone in AR to steal a customer payment and then write off the account as a deadbeat.
Sharp increases in bad debt write offs sometimes are warning signs of embezzlement. Another segregation of duties no-no is allowing the same person that receives customer payments to be in charge of bad debt write-offs. Or even having access to this portion of the accounting system. All bad debt written down should receive approval of a person separate from the accounts receivable and sales functions. Both of these individuals, if fraudsters, has an interest in writing off accounts receivable. Too often companies use people in many positions and never check their work. If your accounts receivable person can receive an incoming check, steal it and then write off the accompanying account, you have a problem. With a smaller staff this may be a possibility, so you need to have increased oversight. This can be as simple as approval for write-offs, review of accounts and payments or job rotation.
The grand-daddy of all the warning signs of embezzlement are addictions. One of the sides of the Fraud Triangle is having a non-shareable problem. See this article for more on the fraud triangle. Addiction in and of itself does not indicate a propensity for fraud. The problem comes in when the addiction creates the real non-shareable problem. This can be increased debt, spending excessively because the addiction becomes worse or maybe the addiction is stealing. If an employee likes to gamble it doesn’t mean they will steal. But as the loses mount, they may need to replace those funds to pay their bills and continue gambling. This is when they begin to contemplate theft. The same goes for drug addiction. As the addict needs more opiate to sustain on a daily basis, their job may not provide the funding. At this point they turn to stealing.
The Bottom Line
When addressing the warning signs of embezzlement, be vigilant. Sticking one’s head in the sand will not suffice when running a business. Managers, officers and owners need to observe their employees. Consider that by spending five or ten minutes a day with your employees, you could unknowingly stop the next fraud. This actually works. Studies have shown that managers who show an interest in their employees are less likely to be robbed by them. This is because you are removing one of the fraud motivators, rationalization. Many can rationalize stealing from an employer that is aloof or disinterested. But it is way harder to steal from a boss that you like and can talk too. Which could also lead to an employee sharing a non-shareable problem. This would knock out another trigger for theft. Be aware, be open and be present with your employees. It could save you a lot.
Ernest L Tomkiewicz CPA has been called by some “the best affordable accountant and CPA” in New Hampshire. He has worked as an accountant and auditor for decades providing services to Massachusetts and New Hampshire. Saint Joseph’s College in Maine has conferred upon him a Master’s degree in Accountancy as part of his educational background.
His experience was broadened under the direction of Diane B Rohde CPA PLLC, where he worked for many years. Ernest has membership in the American Institute of Certified Public Accountants, the Association of Certified Fraud Examiners, the New Hampshire Society of Certified Public Accountants and the Greater Concord Chamber of Commerce.