One of the simplest and easiest to implement fraud prevention measures a business can use is Internal Controls. However, many businesses choose to cut this corner for whatever reason, whether it be cost, manpower, ignorance, etc. Choosing not to implement internal controls can cost businesses financially, in addition to their reputations in their community and profession. What follows are cases where internal controls were not implemented allowing for fraudulent and illegal activities to occur.
We have used this example several times in the past with several different topics. What led to this fraud occurring was the removal of internal controls. The Board of Directors of a non-profit organization, at the request of their Executive Director, removed their outsourced accountant in an effort to save the organization money. Once the accountant was removed the Executive Director had no oversight as the Treasurer of the Board, along with the rest of the Board of Directors, did not hold the Executive Director accountable for financial decisions the organization was making. Frankly, the Board was not paying attention. Over the period of a year the Executive Director embezzled over $700,000.00 from the organization by setting up a fraudulent vendor billing scheme, as well as skimming payments from tenants renting properties the organization managed. The discovery of the embezzlement was made by the same accountant that the Board of Directors removed when the accountant made requests for support documentation on purchases made and vendor payments. The Executive Director made excuses as to why the documentation could not be provided. As the accountant conducted due diligence, the fraud scheme started to take shape. However, once the Board was made aware of the embezzlement, they did not do anything. After much pressure from the accountant the Board finally addressed the embezzlement with the Executive Director, removing the Director from their position. Being the “trusting” people they are, the Board allowed the removed Executive Director back into the offices where the Director began shredding any piece of evidence tied to the embezzlement. After all was said and done, the Executive Director pled guilty to embezzling $500,000.00 and possible time served. The non-profit organization and its Board Members are left with a discredited organization and reputation in the community.
Another example we like to refer back to is a case involving segregation of duties. It is common for a fraudster to “create kingdoms” of certain tasks and responsibilities. How many times have you worked for a company and heard the phrase “Oh, Joan takes care of all our office supply purchases.”? Oftentimes, nobody thinks or knows that Joan may be committing a fraud until she goes on vacation or retires and someone else starts doing the job/task and discovering the fraud. By then, it may be too late. This is exactly what happened in a municipality payroll department. One employee was responsible for directing payments into the public employee pension account. However, those payments were not making it to this account. They were going to this employee’s account and was using them to go on vacations. While on one of these vacations another employee in the payroll department noticed the fraud when making the payment to the pension account. Upon return from vacation the fraudster was arrested. The fraudster served 40 months in prison plus three years of supervised probation and ordered to pay restitution in the amount of $365,000.00. Although a slight hit to the municipality, insurance was able to help offset some of the losses due to the fraud and a new set of internal control measures including segregation of duties was implemented.
Our next case features a small coffee shop where a group of employees led by the shop manager were running a skimming operation that cost the shop several hundred thousand dollars over a period of time. What led to the downfall of the operation was an employee that alerted the shop owner to the skimming activity. On initial review, everything looked like it was on the up and up. Total sales each day matched the cash intake. But when looking further the owners noticed an excessive number of chargebacks and voids on cash sales. Normally, a manager is going to be responsible for reporting these types of transactions. Since the manager was the one running the skimming operation the first line of internal controls was not being utilized. Even as an absentee owner, it is up to the owner to review the transactions on an individual basis to account for any unusual activity, along with holding the manager accountable to explain for this activity. With the technology in Point of Sale Systems and Video Monitoring reaching an affordable point it would be foolish to not implement these items in this type of establishment as an internal control measure.
In all three cases provided, each one could have either been prevented, deterred or minimized by the implementation of internal control measures. The importance of employees seeing that management takes internal control seriously can often be the number one measure that keeps an employee from committing a fraudulent act.