From the Inside Out

How to tell if fraud is happening in your company

By Kira Vermond

If your company has more than five employees, chances are you were the victim of internal fraud last year. Bribery, conflict of interest, false statements, embezzlement. How can you tell if you have a fraudster on the inside — and how can you keep your assets safe from now on?

It only took them three minutes to get away with 33 computers. Three short minutes. Earl Basse shook his head as he watched the Vancouver company’s surveillance tape that showed the men using a sledge hammer to break down a maintenance door and stuff the hardware into hockey bags before making their way down seven flights of stairs.

There was security in the building. And alarms would have been tripped - if the computers had only been stored in any other room. But they weren’t. The desktops, brand new and many still in boxes, ready to be swapped for older models later that week, were housed in the one room that didn’t have an alarm.

Basse, CMA, CFE, CPP, a forensic investigations specialist and director of corporate risk solutions for King-Reed & Associates Ltd. in Waterloo, Ont. has an opinion about how the theft was pulled off so easily.

“It was obviously an inside job,” he says now, years later.

Corporate internal theft and fraud are among the most difficult problems companies address because no one wants to believe their colleagues are actively stealing from or defrauding the organization. But occupational theft and fraud should be keeping CMAs up at night if they haven’t educated staff or put policies and procedures in place to counteract the problem. How can you know if there’s an internal fraudster in your company? And what can you do to keep fraud and theft from seriously harming your bottom line?

The numbers

The problem is more widespread than many would believe. According to a 2002 survey conducted for Ernst & Young LLP by Ipsos-Reid, 20% of Canadians say they are personally aware of people stealing from their companies. Sixty-eight per cent of respondents believe fraud in the workplace has stayed the same or increased in the past couple of years. And 44% said they thought their employers could do more to reduce workplace fraud.

And reduce it they must. Basse rhymes off numbers that would jolt anyone: 22% of bankruptcies result from internal theft and fraud. (Small businesses being the most at risk.) Corporate theft is estimated to cost Canadians $60 billion a year. Ten per cent of employees will commit theft or fraud any chance they get.

Then there are the numbers gathered by the Association of Certified Fraud Examiners, an international association based in the U.S. They estimate that 6% of revenues were lost in 2002 as a result of occupational fraud and abuse — or $4,500 (U.S.) per employee.

But beyond the dollars and cents, it’s important to note how easy it is to perpetrate fraud. The average fraud scheme lasts 18 months before it’s identified, the study says. And the second most common method for detecting a fraudster’s operations — after tips from other employees — was simply by accident.

It’s obviously time for many companies to shake the sand from their hair and look around them, says Bob Lindquist, senior managing director of the financial investigation practice for Citigate Global Intelligence & Security in Washington, D.C. The 30-year security veteran says too many companies are still taking a defensive — rather than proactive — approach to detecting occupational theft and fraud.

“The number one issue is companies don’t want to accept the fact that this could happen to them,” he says.

Know your employees

One of the most cost-effective ways to prevent internal theft and fraud is hiring the right people in the first place. Check everything on a potential hire’s CV, says Basse. Call previous employers and conduct criminal and financial checks (with the employee’s permission). While a criminal record is confidential, the fact a person has been to court is public. And a poor financial history may not deter you from hiring the candidate, but it does give you a sense of what his or her personal life is like.

Maintaining a rapport with employees once they are hired is also important, says Lindquist. Don’t look the other way when your employees seem to be struggling with personal issues. He says people who are under duress — not just in the workplace — are more likely to defraud the company eventually.

“The question it really raises is why do honest people steal?” he asks.

Why indeed? Many sources indicate that 80% of all employees might steal if the opportunity and motive were there and they could rationalize the behaviour  to themselves.

Think of someone driving home from work who speeds above the legal limit. If the opportunity is there (no patrol cars are out and an empty road), there’s motive (wants to get home quickly) and an ability to rationalize speeding (everybody else is doing it), many drivers put the peddle to the metal.

Lindquist says there’s another good reason why so many people can be tempted to act inappropriately. Employees are often too proud to say they’re in trouble. Instead they try to buy time by misrepresenting a situation.

What to look out for

Understanding the general reasons why employees might turn on their own company is one thing. Knowing what to look out for is another. While most theft and fraud cases are brought to light by other whistle blowing employees, it’s still useful to look out for the following:

• People who arrive to work early and leave late, or work many weekends — but their workload doesn’t warrant such long hours.
• Employees who avoid taking holidays.
• Individuals who make a high volume of calls during the day when their position doesn’t require them to do so.
• Employees who are often secretive and rarely delegate to others.
• Employees who others avoid.

Some general characteristics and personality traits may also include:

• Intelligent — challenges the system and is bored with the job’s routine.
• A risk taker — someone who likes to bend the rules and take chances.
• Under stress — has a family problem or personal crisis.
• A complainer — more likely to want to “get even” with the company.
• Living beyond their means — spends big, buys expensive cars and houses.

Basse says the people who seem to be the most dedicated employees — those who work long hours and rarely take a break — are actually the ones to look at. A 2003 international study on workplace fraud conducted by Ernst & Young indicates long-term employees are the most likely to participate in fraudulent activities (although the profile is changing). Because these seemingly hard-working colleagues are so critical in the organization, they can cause the most harm.

“When they find out the best employee is actually stealing from them, most managers and senior executives are absolutely astonished that this person betrayed them. They’re the last one they would ever pick — and they’re the most trusted employee,” he says.

A culture of honesty

Hiring good people helps keep internal fraud at bay, but how do you maintain that integrity? Nick Hodson thinks he has an answer. The lead Canadian forensic accounting and fraud investigation expert at Ernst & Young says there needs to be a shift in how we perceive whistle blowers and the whole issue of fraud itself.

“You do it the same way you try to change behaviour in anything,” he says. “You change the way people think.”

Hodson offers the neighbourhood watch program as an example. When people become active in policing their turf, they feel good about what they do and have little tolerance for crime. If the same kind of program were to be put in place in a corporate setting, he believes there would be a similar result.

“I don’t think anybody involved in a neighbourhood watch program would think of themselves as being social outcasts,” Hodson maintains.

But it doesn’t happen overnight, he admits, referring to the recent societal transformation in dealing with drunk driving. Twenty years ago fewer drivers would worry about downing a couple of drinks then getting behind the wheel. Today there are huge financial penalties if caught, more spot checks — thereby negating opportunity — and television ads that personalize the consequences.

“If you involve people in the actual consequences, it makes it much more difficult for people to depersonalize the crime and say, ‘It’s trivial and nobody gets hurt.’ Well, the fact is people do get hurt,” he says.

Getting even

According to a comprehensive 2002 report developed by seven U.S. associations including the Association of Certified Fraud Examiners, wrongdoing occurs less frequently when employees have positive feelings about where they work. Boosting employee morale not only keeps them productive, but lessens the likelihood of them dipping their hands in the cookie jar.

There are many ways to create a negative and stressful workplace environment: autocratic management, a lack of recognition and poor communications are only a few examples. Yet, one of the most significant reasons why people commit fraud within an organization is due to the fear of failure. When a company sets unachievable financial targets and goals, many employees have only two options: fail or cheat, the report says.

By comparison, a company that institutes a code of conduct that says something along the lines of, “We are aggressive in pursuing our targets, while requiring truthful financial reporting at all times,” it makes it clear the company has a zero tolerance for unethical behaviour.

Developing and maintaining a fraud awareness program is also important, says Basse, who claims one company he worked for conducted lunch and learns for the staff once a month to talk about safety and security. Not only was the process cost effective, it kept the issue foremost on employees’ minds.

Getting it in writing

Policies, codes of corporate governance, and fraud response programs that include a hotline so employees can report misconduct, are all imperative if a company wants to manage risk caused by internal theft and fraud. While most businesses have them these days — the Ernst & Young global study reports that 68% of companies have a written employee code of conduct — not everyone thinks they work. In the same survey, only 44% said yes, policies make a difference.

Basse disagrees with that assessment — as long as the company takes the time to interview its own employees and makes them feel comfortable turning fraudsters in.

“The key to preventing any kind of fraud is your people,” he says. “No one knows a company better than the employees, so you talk to them. Find out where the threats are.”

Kera Vermond (kira@vermond.ca) is a Toronto freelance writer. Her articles can also be found in the Managing and Working Life section of the Globe and Mail.

IT: Is it fraud or isn’t it?

Don’t think surfing the Internet on your lunch hour constitutes fraud or theft? You’re not alone.

According to a global study conducted by Ernst & Young earlier this year, only one third of respondents thought personal use of hardware, software or Internet facilities amounted to fraud. The rest of the people viewed computer time similar to how we might use the telephone.

Not so fast, says Rosaleen Citron, CEO of WhiteHat Inc., a Burlington, Ont.-based information technology security company.

“In essence, it’s like walking into your storage cupboards at the company and taking a box of pens,” she says.

Actually, it can go much further. Citron says she has seen employees not only surfing the Web, but using corporate networks, line usage and bandwidth to download MP3 files and entire movies - and then selling the bootlegged copies back to other employees. In some of these cases the files were actually housed on company branded discs.

Other IT hoarders have been known to run entirely separate businesses from their cubicle desktop.

Companies are still slow to realize how important technology is for internal security. In the Ernst & Young survey, it reported only 5% of investigations into occupational fraud used electronic evidence, such as disk drive images, e-mails or access logs to catch the swindlers.

Top