Print this issue
 View as PDF
Send us your comments

November 2002 Vol. 6 Issue 10

Over the last year, it has become almost impossible to open a newspaper or business journal without seeing some mention of fraud. The recent scandals and fraud schemes that have headlined our newspapers have led executives and investors to the realization that internal fraud committed by management or employees can severely damage a company and even result in the collapse of major corporations.

In an effort to boost investor confidence and improve corporate governance within organizations, the U.S. enacted the Sarbanes- Oxley Act of 2002 (the "Act") mandating various provisions aimed at strengthening corporate accountability and governance and affecting the fiduciary responsibility of both officers and directors of public companies. As directed in section 404 of the Act, the Securities and Exchange Commission (the "SEC") is requiring the management of public companies to report on the internal controls of their organization in their annual reports including:

• A statement of managements’ responsibility in establishing and maintaining the company’s internal controls over financial reporting
• Managements’ assessment of the effectiveness of these controls
• Identification of the framework used to evaluate the effectiveness of the internal controls

So what does this mean for privately held companies and small businesses? First, even though the new regulations do not apply to non-public companies, privately held companies interested in going public or selling their holdings to a public company will have to conform to the new legislation. For example, many small and privately held businesses have loans to officers. The Act specifically prohibits any personal loans to or for any director or executive officers. These loans would have to be repaid before any initial public offering.

Second, officers, directors, and investors have become more aware of the significant impact fraud can have on an entity. Good corporate governance within an organization may make a company more attractive to potential buyers, investors, and other capital sources.

Finally, the risk of fraud, and the costs associated with it, exists in all organizations, not just public companies. According to a 2002 study by the Association of Certified Fraud Examiners, fraud cost U.S. businesses $600 billion in 2001 which equates to six percent of an organization’s revenue. The study also showed that small businesses tend to be the most vulnerable to fraud. The study showed that on average small businesses lost $127,500 per fraud scheme compared to an average of $97,000 for the larger businesses. The existence of fewer checks and balances in small business is one of the primary reasons they suffer greater losses. The small number of employees leads to a lack of segregation of duties, basic accounting controls, and a greater level of trust among owners and co-workers.

New, fast growing businesses are also at high risk for employee theft due to the lack of established policies and procedures. The result is weak controls and many opportunities for fraud to occur.

Types of Fraud
There are three major types of fraud, asset misappropriation, corruption, and financial statement fraud. The fraud schemes we have heard so much about over the last year at Enron, WorldCom and Tyco have all been cases of financial statement fraud. This type of fraud is the most costly per scheme, but it is the least common, occurring only five percent of the time according to the study by the ACFE. The study further showed that the most common type of fraud is asset misappropriation occurring 86 percent of the time.

Asset misappropriation is the greatest threat to small businesses. It is defined as the theft or misuse of an organization’s assets by management or an employee, which is most often the theft or embezzlement of cash. This can include skimming revenue before it is recorded on the books, stealing cash receipts, stealing inventory, payroll fraud, and fraudulent disbursements.

Why Do Employees Steal?
Most experts support a theory called the fraud triangle. This theory states that in order for fraud to occur, three elements must exist. First, there must be a need by the employee. This could be a financial need from living beyond one’s means, a vice (gambling problem, alcohol or drugs), or an unexpected crisis or event. Second, there must be an opportunity to commit fraud usually due to lack of internal controls within an organization. Lastly, the fraudster must be able to rationalize committing the fraud such as believing that the funds are only being borrowed, or that the employee is underpaid therefore the embezzled funds represent part of the employee’s salary. These employees believe that they can successfully perpetrate the fraud without being discovered.

Types of Employees
Employees can be placed into three major categories. The first category is your generally honest” employee who has no intention of stealing from your organization, but will if the opportunity arises and there is a need for financial resources. This individual is your first-time offender who is the typical perpetrators of fraud. The thought of getting caught and possibly going to jail is incomprehensible for these employees. For this reason, the mere perception that a fraud scheme may be detected can many times prevent fraud from occurring. The second category is the “professional” fraudster who enters your organization with the intent to commit fraud and is always looking for opportunities. The “professional” fraudster does not fit the fraud triangle model discussed earlier. This individual does not need to rationalize his/her actions. Professional fraudsters seek out organizations with weak controls. By implementing strong control policies, a company can deter these professionals from ever entering their organization. The last category is the “honest” employee who would never steal from the organization.

Almost all victims of fraud make the mistake of believing that their long-time employees all fall into the last category of the “honest” employee and that it would never happen to them. The most likely person to commit fraud in your organization is the long-time trusted employee. The employee has been with the company long enough to develop relationships with vendors, to gain the trust of the business owners and other co-workers, and to understand the weaknesses in the company’s internal control structure.

Fraud Prevention
By instituting strong internal controls in an organization, a business owner can minimize the opportunities to commit fraud. This will not only prevent the “generally honest” employees from committing fraud, but can also deter “professional” fraudsters from targeting your organization. In addition to strengthening internal controls, business owners need to set the tone within an organization and develop a climate that is hostile to fraud.

One of the requirements of the Sarbanes-Oxley Act is that all public companies implement a fraud hotline. All organizations, small, large and privately held, should have a fraud hotline. In the study by the ACFE, it was found that the most common method for detecting fraud was through a tip from an employee, vendor, or customer. By setting up a fraud hotline, organizations can cut their fraud losses by approximately 50 percent per scheme. Other steps an organization can take to prevent and deter fraud and embezzlement include the following:

• Perform proper screening of employees during the hiring process;
• Set up policies regarding fraud that include a statement that dishonest acts will be punished;
• Do not allowing employees to control all phases of a transaction cycle;
• Require proper authorization on documents;
• Scrutinize expense reports, credit card charges, phone bills & employee overtime payments;
• Safeguard bank statements, checks, and credit cards;
• Set up independent checks through use of internal or external auditors;
• Implement strong computer security procedures.

Up until now, fraud has been one of the largest unmanaged costs to business owners. However, the recent events of Enron and Worldcom have led business owners to realize the high cost of fraud and to take action to protect their organization. This is reflected in a survey sponsored by Robert Half Management Resources, which shows that 58 percent of private companies in the United States are evaluating their internal controls and instituting new practices. Of the CFOs surveyed who are implementing changes: 44 percent said they were reviewing or changing current accounting procedures, 36 percent were creating or expanding the internal audit function and 23 percent were hiring an independent firm for consulting work.