Company owners and managers may hesitate to admit it, but fraud could be taking a bite out of their business. It is seldom a sophisticated scheme; many are simple, obvious thefts. Most cases are perpetrated by a trusted employee, for trust is the operative word when discussing occupational fraud.
Occupational fraud takes many forms and occurs in all types of businesses. The typical organization loses 5 percent of its annual revenues to fraud, according to the 2012 “Report to the Nations on Occupational Fraud and Abuse” from the Association of Certified Fraud Examiners (ACFE) in Austin, TX. That’s big money—especially for small and medium- sized businesses—and it can represent significant losses to narrow margin companies in the produce industry.
Although ACFE president Jim Ratley believes fraud is preventable, a controller with a Canadian fruit wholesaler (who asked to not be identified) says keeping fraud at bay is not so easy. “The produce industry is based on trust, and it is vulnerable to fraud because trust is easy to take advantage of.” In addition, given its fast pace and fluctuating prices, the produce business is particularly susceptible to collusion—so internal controls are difficult to enforce, especially on the sales floor.
Defining Occupational Fraud
Occupational fraud can encompass a broad range of schemes, all of which will ‘enrich’ an employee through deliberate misuse or abuse of an employer’s resources or assets. According to the ACFE report, the top three types of fraud affecting businesses involve asset misappropriation, financial statements, and corruption—however, although these were considered separate categories, there was some overlap where more than one type of fraud was reported at the same time.
Asset Misappropriation
Asset misappropriation is stealing or misusing an employer’s resources and includes theft of cash, manipulated billing, and expense account fraud. It is the most common type of occupational fraud, representing 86.7 percent of reported cases in 2012, but is the least costly with a median loss of $120,000. It is also a crime of opportunity with access as the key factor, ranging from stealing office
supplies and petty cash to check tampering for payroll or cash disbursements.
Financial Statement Fraud
As its name implies, financial statement fraud is the intentional misstatement or omission of information from an organization’s financial reports, such as recording false revenue, understating expenses, or inflating reported assets. Though this type of fraud occurs the least, at only 7.6 percent for 2012, it was the most costly with a median loss of $1 million.
Corruption
Corruption is the misuse of an employee’s influence to gain direct or indirect benefits from business transactions. Though the frequency was less than asset misappropriation, corruption occurred in a third of 2012’s reported fraud cases with a median loss of $250,000 per occurrence.
Company owners and managers may hesitate to admit it, but fraud could be taking a bite out of their business. It is seldom a sophisticated scheme; many are simple, obvious thefts. Most cases are perpetrated by a trusted employee, for trust is the operative word when discussing occupational fraud.
Occupational fraud takes many forms and occurs in all types of businesses. The typical organization loses 5 percent of its annual revenues to fraud, according to the 2012 “Report to the Nations on Occupational Fraud and Abuse” from the Association of Certified Fraud Examiners (ACFE) in Austin, TX. That’s big money—especially for small and medium- sized businesses—and it can represent significant losses to narrow margin companies in the produce industry.
Although ACFE president Jim Ratley believes fraud is preventable, a controller with a Canadian fruit wholesaler (who asked to not be identified) says keeping fraud at bay is not so easy. “The produce industry is based on trust, and it is vulnerable to fraud because trust is easy to take advantage of.” In addition, given its fast pace and fluctuating prices, the produce business is particularly susceptible to collusion—so internal controls are difficult to enforce, especially on the sales floor.
Defining Occupational Fraud
Occupational fraud can encompass a broad range of schemes, all of which will ‘enrich’ an employee through deliberate misuse or abuse of an employer’s resources or assets. According to the ACFE report, the top three types of fraud affecting businesses involve asset misappropriation, financial statements, and corruption—however, although these were considered separate categories, there was some overlap where more than one type of fraud was reported at the same time.
Asset Misappropriation
Asset misappropriation is stealing or misusing an employer’s resources and includes theft of cash, manipulated billing, and expense account fraud. It is the most common type of occupational fraud, representing 86.7 percent of reported cases in 2012, but is the least costly with a median loss of $120,000. It is also a crime of opportunity with access as the key factor, ranging from stealing office
supplies and petty cash to check tampering for payroll or cash disbursements.
Financial Statement Fraud
As its name implies, financial statement fraud is the intentional misstatement or omission of information from an organization’s financial reports, such as recording false revenue, understating expenses, or inflating reported assets. Though this type of fraud occurs the least, at only 7.6 percent for 2012, it was the most costly with a median loss of $1 million.
Corruption
Corruption is the misuse of an employee’s influence to gain direct or indirect benefits from business transactions. Though the frequency was less than asset misappropriation, corruption occurred in a third of 2012’s reported fraud cases with a median loss of $250,000 per occurrence.
Modus Operandi
When workers consider committing fraud, Ratley says they must first have the opportunity. Many have financial need as a motive, as well as the ability to rationalize the crime.
But Ratley says it usually comes down to negligence on the part of management for not paying attention or having adequate controls or oversight in place. “Smaller companies— organizations with fewer than 100 employees—are twice as likely to be victimized by fraud,” he says, due in large part because managers know their people, may be friends with or socialize with them, and do not believe their employees are capable of stealing or taking advantage of them or the company.
Financial statement fraud generally involves high-level employees, and in some cases the company’s management itself. It can range from falsifying sales, profits, or assets to securing loans, or in the case of public companies, to increase earnings per share. It happens far less often than other types of fraud, but can result in huge losses.
The Canadian controller says his company has implemented many controls to prevent financial fraud, but collusion can be difficult to uncover or document. One example is kickbacks from a customer who receives preferential pricing, but due to the volatility of the perishables market, such discrepancies can be very difficult to detect and nearly impossible to prove.
Types Of Victims And Perpetrators
The most common victims of fraud are smaller organizations (under 100 employees), which reported 31.8 percent of 2012’s fraud cases and had a median loss of $147,000. Next highest were companies with 1,000 to 9,999 employees, at 28.1 per- cent of fraud cases, but with a median loss of $100,000.
The fewest reported cases (19.5 percent) came from organizations with 100 to 999 employees, though this category suffered the highest losses at an average of $150,000 per occurrence. Lastly, firms with over 10,000 employees reported 20.6 percent of cases with a median loss of $140,000.
In most schemes reported by ACFE, the smallest companies had the highest number of cases compared to firms with over 100 employees, but not all. For example, in billing fraud, smaller firms accounted for 32.2 percent of cases compared to the larger firms’ 22.2 percent, but in corruption, smaller companies comprised 27.9 percent of cases compared to 34.9 percent for the larger organizations.
Ratley divides perpetrators into two major types: predators and opportunists. Predators, he says, will “steal no matter what” but most employees fall into the second group, seizing an opportunity because they have financial problems and are unhappy—with the company, their boss(es), or life in general—or feel they have a right to the assets for any number of reasons.
By position within a company, most occupational fraud is committed by regular employees and managers, though 17.6 percent is attributed to owners and/or executives.
Median losses, however, were higher at the top: $573,000 per case by owners or key executives compared to $182,000 by managers, and only $60,000 by employees. Tenure, and by extension trust, had a direct impact: those with more than 10 years service were responsible for 25.3 per- cent of cases, but with the most substantial losses (averaging $229,000 per case), while workers with one to 10 years of service perpetrated the vast majority of cases at 66.8 per cent, with median losses at $100,000 per occurrence.
Red Flags
Every fraud case, it seems, has red flags—before, during, or after the incident(s), as perpetrators will, according to Ratley, have to “step outside of normal procedures.” Among these behavioral indicators are employees living beyond their means or having financial difficulties, those with unusually close relationships with a vendor or customer, and workers with control issues or an unwillingness to share duties.
Daniel Draz characterizes these red flags as ‘unusual activity.’ As principal of Fraud Solutions, an investigative consulting firm based in Naperville, a suburb of Chicago, he explains, “Red flags are often industry specific, but there will always be universal [examples] that apply to all businesses.” Suspicious activity can include financial and banking irregularities, missing documentation such as receipts and billing statements, ‘phantom’ invoices, cash disbursements, and inventory discrepancies. On the employee side, Draz confirms that little or no segregation of duties and workers living beyond their means certainly warrants closer attention.
Prudent, Proactive Prevention
Hindsight, as they say, is 20/20. “Preventing a fraud before it happens,” says Draz, “represents a significant cost savings for businesses, as historically speaking, we know with certainty that the longer a fraud goes undetected, the larger the losses become over time. Larger frauds also have other impacts including brand damage, reputational damage, loss of confidence from stockholders and investors, and stock depreciation.”
Draz recommends being proactive, as “putting in the appropriate controls and attempting to mitigate fraud before it occurs is always a more prudent practice then attempting to deal with it after the fact, when the fraud has gone unchecked for long periods of time and the losses have increased exponentially over time.”
Internal Controls
Internal controls are fairly simple, but they must be followed. For example, keeping the record keeping and actual custody of assets separate—this segregation of duties can significantly reduce risk. One person should never have sole authority to initiate, authorize, approve, or complete transactions without someone else signing off on the process. And owners should open bank statements, not employees.
Draz comments: “Key internal controls are always wrapped around places with the most exposure and are usually financial systems such as accounts receivable, accounts payable, and payroll.”
Further, he says companies should have controls within inventory systems to prevent product theft, as well as time management systems (“it’s amazing how many employees steal time”) and even health care benefits.
Other controls include external or independent financial audits, code of conduct contracts, hotlines, job rotation, mandatory vacations, whistleblower rewards, and employee support programs. It is also crucial for workers to be educated about fraud and to know employers are watching and paying attention.
External Controls
Ratley also suggests having a right-to- audit clause with vendors, giving business partners the right to look at each other’s records concerning mutual transactions. And if questions are raised, he says a simple Internet search can verify an address and phone number. For more in-depth information, some companies visit physical sites or hire private investigators. In one fraud case, the address where a company was sending checks turned out to be a boat, in a marina owned by an employee.
Owners and managers should also ask themselves: “If I was going to steal money, how would I do it?” The answer is often surprisingly simple. Fraud prevention, truly, should start at the top with management setting the example. If these individuals “are not paying attention to the details, the employees won’t be; if management is not ethical, employees won’t be.” It is up to managers, Ratley says, to create and maintain “a culture of high ethical standards at all levels.”
Lastly, Ratley notes, “If employees see management taking advantage of customers, the employees will eventually take advantage of the management or the owners.” Everyone, he says, must be held accountable in an environment where fraud or dishonesty will not be tolerated.
Conclusion
To control occupational fraud, businesses must understand all the operational risks, as well as internal obstacles to dealing with such crimes. There are many possible schemes and each is a violation of trust, but it all comes down to common sense, Ratley says. The key is to institute internal and external controls to not only prevent opportunities for fraud and theft, but to create an atmosphere where such behavior is just not possible.
Technology & Occupational Fraud
With rapid advances in computer technology, companies have a new area to be vigilant about—occupational fraud.
“There are various technology solutions and abuses in occupational fraud,” says Keith Salustro, president of Security Best Practices, in Boston. Examples include theft of trade secrets, customer lists, and salary data, which are often easily accessible. Workers can “steal data with universal serial bus (USB) thumb drives, or take copies by forwarding them to remote cloud servers, or email via personal email accounts. Many cloud accounts are now encrypted, which makes it difficult to scan the outgoing email data for size and keyword content—such as a list of Social Security numbers.”
Best practices for preventing and discovering these types of fraud include next- generation firewalls to break the SSL (secure sockets layer) connection in the middle and inspect the data for keywords (such as ‘confidential’) within documents.
“These next generation firewalls are application-based instead of port-based, which means they are much more discerning about what they block and allow through. Uniform resource locator (URL) filtering is also important to protect users from going to malicious sites by mistake. Many phishing attacks trick employees into clicking a link for a site that installs malware on the employee’s computer—so that computer can be remotely monitored by an outside entity,” Salustro notes.
Additionally, “there are some solutions that control whether USB ports and CD burners can be used. They should be blocked by default,” he adds.
