In his stylish office, the impeccably dressed CEO of XYZ Company slowly placed the telephone receiver into its cradle and paused for a moment. His muscles tensed and his mind raced under the pressure of the demands just imposed upon him. Then he got up from his desk, walked into the controller’s office and asked the controller to accompany him on an errand to the company’s bank. At the bank, the CEO requested a $500,000 wire transfer to an attorney in New York. The bank officer knew the company’s owner’s well and he also knew the CEO was still relatively new to the company, but he also knew the owner trusted the CEO completely, they had discussed business with the bank together, and the CEO was able to sign all checks and bank documents on his own.  The owner was out of the country, the documentation for the wire transfer was in order, and so the banker executed the transfer.

The following week, when the owner returned from his business trip abroad, he was called by the banker and advised that the company had nearly exhausted the line of credit and was desperately close to a cash shortage.  This confused the owner as he was sure there was at least an additional half a million dollars available in the line of credit.  He was then advised of the transfer that had been authorized by the CEO during the owner’s absence. 

It was just a few hours later when our forensic accounting work began at XYZ Company.    

Our investigation revealed a history of deception and a long list of misappropriated funds that severely undermined the company. We uncovered the following:   

• The purpose of the attempted wire transfer was to make restitution for a fraudulent occurrence that the CEO had previously committed at another company. (This was not known by the owner, obviously, despite the routine background check conducted by the attorneys of XYZ Company – more on that later).
• Numerous payments were made to a female friend, authorized by the CEO as casual labor, when in fact no work had been performed.
• There were payments to contractors for maintenance and improvements made to the CEO’s home, which was worth $1.8 million.
• The CEO routinely submitted exorbitant expense account statements without supporting receipts.
• The CEO gave himself unauthorized salary increases and several salary advances were provided to him under rushed circumstances.
• The CEO initiated payments to the controller and other employees to obtain their participation in the deception.
• XYZ Company’s telephone expenses included 7 cell phones, including the CEO’s, his girlfriends’ (2), his wife’s, and his 3 children - totaling over $600 per month.

In just over 13 months the CEO had misappropriated over $1.3 million dollars from the company he was entrusted to lead.

While the fraud in this case far exceeds the average amount across all businesses, the losses were not that unusual for a family-owned business and they pale in comparison to the Enron and WorldCom losses. In addition, the types of fraudulent transactions and the factors that allowed them to occur at XYZ are very common. The causal factors are simple and interrelated and are known as the fraud triangle.

Pressure Pressure to commit fraud can come from personal financial problems, personal vices such as gambling or excessive debt and unrealistic deadlines or performance goals. In the XYZ case, the CEO was under extreme financial pressure; he owned a very expensive house with a mortgage that he could not afford under his salary. He lived a very lavish and fast-paced lifestyle characterized by always having the newest and most expensive personal possessions. He also was hiding that history of the previous fraud case in which he was involved. In that case a nolo plea was entered, and the CEO was worried about this information being uncovered by anyone – as well as the demands of the probation officer that had been assigned to his case as a result.

Opportunity The second side of the fraud triangle is opportunity - circumstances within the company that allow an employee to commit fraud. Family-owned businesses are especially susceptible to employee fraud because they may not have the staff or organizational structure to efficiently implement adequate financial controls. A variety of other situations may explain the absence of proper financial controls. For example, as XYZ Company grew and evolved, the informal financial procedures of its early days may never have been upgraded. Or, due to the very nature of small business, financial procedures may change frequently as business needs or the preferences of senior management change.

At XYZ, several factors created an open opportunity for fraud:

• As a $35 million company in annual sales, the financial controls never changed as the company grew.
• The company employed only a controller and an accounting manager.  It did not employ a chief financial officer with the proper perspective and skills to lead financial operations. 
• The company’s founder and owner was in his 70s and was not as active in day-to-day management as he had been over the course of time.
• The CEO could authorize large expenditures and could sign checks without a second signature.
• The CEO was able to gain the support of the controller and accounting staff through subtle coercion and financial rewards and reimbursements he made to them.

There were other factors in this case, which are common in other fraud situations. The company had fallen on hard times as competition from overseas manufacturing increased. The CEO was brought in to help rejuvenate business and restore it to its previous position. He was able to achieve some initial success which resulted in the owners giving him some unusual latitude in financial matters. In addition, he was able to charm the owners and to establish a close personal relationship with them - the situation of the entrusted employee is one of the most common elements in employee fraud. Without blind trust, employees are less likely to be able to freely commit fraudulent transactions.

Rationalization People who commit corporate fraud always develop a justification for their illegal actions. The rationalization varies by case and by individual. At XYZ, the CEO had been successful in turning the company around and expanding its business. He rationalized his fraudulent activities by touting his success for developing new business. Some other examples of rationalization include employees telling themselves that they will quickly pay back money when they get their paycheck or that their children or other family members need to be supported.

Proper Financial Controls

Clear Policies

A five-pronged approach can be used to minimize the opportunity for employee fraud.

The first step is to establish clear policies and procedures for the following financial transactions: cash receipts, cash disbursements, purchasing, employee expense accounts and payroll. The procedures for these types of transactions must have the following common elements:

• Proper segregation of duties so that there are built-in checks and balances whereby a single employee is not able to individually complete a financial transaction. For example, in the area of cash receipts, one employee should gather all of the funds received and prepare a bank deposit and a second employee should verify the amount of that deposit and actually make the deposit. For expenditures, one employee should approve expenditures and a second employee should make the actual payment (write the check) and a third employee should sign the checks, reviewing all of the underlying paperwork and documentation while doing so.
• All financial transactions should have proper supporting documentation. Expense account reimbursements must be supported by receipts, paychecks must be supported by proper time recordings, and accounts payable items must be supported by detailed invoices.
• Strict limits on the authorized size of each transaction before a review or countersignature is required. For example, there should be a specific dollar limit on the checks that can be signed by one individual. All checks greater than this amount must have two signatures.

Proper Reporting

The second fraud prevention component involves reporting. With today’s computerized accounting systems it is easy to create management reports that highlight the financial transactions that are susceptible to fraud and of interest to the company’s owners. They purpose of these reports is to allow owners to be able to review important financial transactions to ensure they are in line with established policies and limits. In family-owned businesses, where efficiency is extremely important, this reporting process can focus only on the exceptions – those transactions that exceed the dollar amount or other parameters including payee that management wants to review.  For example, the report may include only certain purchases over a specific dollar amount, employee expense reimbursements over a specified amount and selected other transactions that are relevant to the company’s business.

Periodic Audits

The third component of fraud prevention is periodic audits of transactions and procedures that are subject to fraud. Family-owned businesses usually do not have an audit staff that is separate from the accounting and financial management staff. Therefore it may be difficult for the company’s staff to conduct an objective and independent internal audit. This task may be handled by the company’s accounting firm as part of its annual engagement. Separate reports on possible duplicate payments and review of the payees’ addresses can also be helpful in preventing fraud.

Communication

The fourth component of prevention is communication. Owners and senior management should clearly express their concern for employee honesty. Management should set high standards for honesty and communicate the expectation that employees comply with them. This will go a long way in deterring fraud and will indicate support for any employees who may be aware of fraudulent activities.

Thorough Background Checks

Finally, the fifth component of fraud prevention is conducting thorough background checks on all employee candidates. In the case of XYZ Company, the law firm did not conduct a thorough-enough background check on the CEO candidate before he was hired. It is important to keep in mind that fraudsters often go to great lengths to protect themselves, even fabricating previous employment history and education. To flush them out:

• Review all application information with candidates, ask detailed questions to reveal gaps in employment history and education, and explore red flags,
• Conduct complete reference checks -- including criminal, education, employment, residence, credit, Social Security, driving record, and professional affiliation and license,
• Ask schools -- not the applicant -- to send transcripts, and
• Administer psychological and behavioral testing for management positions.

In terms of the resolution of the fraudulent action at XYZ Company, we conducted a detailed analysis of all of the company’s payroll and financial transactions over the course of the CEO’s tenure.  A variety of computerize transaction analysis methods were used to identify possible fraudulent activities. We then sought supporting documentation for possible illegal transactions. All of this data was then assembled into a claim that was filed with the company’s fidelity bond carrier. The claim totaled $1,600,000. Initially the bonding company rejected the claim under the justification that the company’s oversight of its financial transactions was so inadequate that the transactions were not fraudulent.  We worked with the company’s legal counsel and together were able to establish that fraud indeed existed.  That resulted in a $1,300,000 insurance payment. In addition, criminal proceedings were initiated against the CEO and resulted in a plea bargain. As these proceedings were occurring, we worked with the company to establish proper financial control procedures and management reporting procedures which have continued to work affectively.

David H. Glusman, CPA, DABFA, Cr.FA, CFS is Chair of our Forensic and Litigation Services Group and has over thirty-three years of experience. Contact David at dglusman@marg.com.