Fraud losses can be devastating: U.S. businesses incur a median loss of $145,000 per fraud incident (ACHE, 2014) with many cases involving much larger losses.1 From cash skimming to improper expense inflation or falsified billing, occupational fraud (fraud by an employee or manager) is a serious threat to the bottom line of organizations of all sizes.
Common fraud protection tasks include segregating responsibilities, building firewalls around information, creating a robust reconciliation and audit process. Yet for all the fraud preventative measures, imperfections in the corporate culture may be the source of many issues. A lack of clarity or fuzziness about what is acceptable and/or ethically responsible can undermine the effectiveness of the most diligent fraud monitoring initiatives. On the other hand, a clear presence and tone of ethical responsibility can build a more predictable, profitable environment for all employees and actually serve as a deterrent to fraud, Just as most understand that corporate culture investments lead to worker satisfaction, innovation and productivity, the same purposeful shaping of culture can deter fraud that hinders profitable growth.
David Sawyer, a forensic accountant with Frazier & Deeter, identifies three contributors to fraudulent behavior, “The three-legged stool of fraud - motive, opportunity and mindset. All three are usually present, and no one drives the other, but they all feed off of each other to create an environment where fraudulent behavior may emerge.”
- Opportunity. Most often the focus of anti-fraud efforts, opportunity to successfully commit fraud usually occurs from a lack of internal controls. Sawyer talks about the 4A’s of job separation as best practices for eliminating opportunity; “you want to separate approvals, authorization to release funds, access to funds, and audits/review of fund movement. By separating the “initiation” of the movement of money from the “release” of money, companies can protect all employees and build an environment of trust.” Forensic accounts like Sawyer use a separation of duties matrix to chart the approvals, authorizations, access and reconciliations of departments such as purchasing, payroll, accounts payable and receivables and sales. The matrix is adjusted to work with departments as small as one or two people. By charting the various steps the process, Sawyer helps businesses eliminate the “opportunity” for fraudulent behaviors.
With cyber fraud, opportunity is often created by holes or gaps in the system. The steps of reconciliation may be hidden (and automated by the system), but having someone whose job it is to review the automation is critical to identifying places that leave systems exposed to fraudulent behavior.
Another common “opportunity” exists when executives are rewarded for hitting profitability or premium revenue goals. Sawyer explains, “Fraudulent financial reporting or ‘cooking the books’ often occurs when executive compensation goals are jeopardized by increased market demands and organizations lack a strong separation of financial reporting.”
- Mindset. Individual mindset is a second, but equally powerful driver to an anti-fraud culture. Sawyer comments, “fraud occurs because individuals rationalize their behavior with thoughts like ‘I’m only getting my fair share; I won’t get caught; there is plenty to go around; it won’t be missed; this is how business is done’. The “tone from the top” is critical to influencing individual mindset.”
Leadership sets the tone and creates a culture of ethical behavior by consistently setting an example of honesty and fairness while showing a commitment to zero-tolerance for unethical behavior. Many executives inadvertently display what may seem as ‘inconsequential’ behaviors, i.e., treating personal expenses as business costs; attending conferences for the “perk of the location” while skipping the actual meetings; hiring family members or friends who may not be as qualified as other candidates; treating vendors or partners to trips or exclusive experiences with no link to business activity, etc. This creates a slippery slope of what is considered right versus wrong. “I’ve seen these sorts of “inconsequential” behaviors can begin to chip away at a culture of honesty and trust – giving individuals the view that a little bit of fraud is acceptable.” says Sawyer.
- Motive. The final vector of the fraud triangle is motive – sometimes referred to as need or greed – and can come from internal or external sources. Sadly, need often comes from personal situations: addictions, financial distress, garnished wages or family illness. In addition, it is often legitimate need that leads companies to hesitate prosecuting cases of fraudulent behavior. Sawyer expresses a concern for the general business community. By not prosecuting, companies leave individuals in a position to move on to their next position and commit fraud again in the future. Sawyer discusses cases of unprosecuted fraud, “while on one hand, executives are trying to show compassion in the face of an employee’s dire need, my concern is that they put other companies at risk by not prosecuting – and quite frankly, may leave themselves open to future fraud because other employees see fraud not being punished.”
Creating a Culture that Deters Fraud
Having worked with companies to create a culture and implement best practices to deter fraud, Sawyer recommends that you consider the following four steps to move your culture forward:
- Assess your organization. Ask your financial team, e.g., CPA, financial consultants, to assess your organization and financial processes for improvement opportunity. By minimizing the opportunity, you will deter the likelihood of fraudulent activity. Use a separation of duties matrix to assess the approvals, authorization, access and internal audits that you have in place. If you have suspicions, use a surprise audit to get the most realistic picture of how systems are currently working.
- Revise procedures. Based on the identification of pockets of improvement opportunity, revise procedures and job duties to create a greater sense of shared reconciliation and access to information. Explain the benefits of new systems by helping employees see how reconciliation and auditing protect them and will create a more profitable, sustainable environment for the company as a whole.
- Celebrate ethical behavior. Overtly discuss, practice and celebrate a corporate commitment to ethical behavior. Send a message to employees with policies that reward the right thing and take a zero tolerance approach to unethical behavior. A positive culture is a powerful tool for developing positive employee mindset.
- Minimize motive. Motive is difficult to combat, but certainly making sure that employee services are in place to prevent employees from finding themselves in dire financial situations, facing addictions, etc.
Supporting your Fraud Protection Efforts
Fraud monitoring and protection, from creating the right culture to setting up the best preventative measure, absorbs energy, executive time and money. SunTrust understands that owners need to minimize the risk and distraction of fraud.