Business Fraud and Embezzlements

Recent headlines from the Eastern District of Missouri, U. S. Attorney’s Office:

DeSoto Woman Sentenced for Embezzling $1.6 Million from Grandview School District
October 13, 2017

Kinloch Official Sentenced for Stealing Money from the Kinloch Fire Protection District
October 25, 2017

Former Chief Financial Officer Sentenced for Stealing $2.8 million from Company
November 6, 2017

The 2016 American Association of Certified Fraud Examiners (ACFE) Report to the Nations found that the median loss to businesses due to fraud was $150,000.00.

Most of these frauds could have been prevented with proper internal controls and due diligence on the part of the businesses. Looking at the court cases of the above three crimes cited, all involved individuals who were trusted by the organization and were given carte blanche to handle the organization finances with little or no oversight.

As a business owner, prevention of fraud, waste, and abuse can be achieved with proper internal controls and appropriate oversight. The loss from fraud and embezzlement is not only monetary. To quote a business owner from one of the above cited cases:  we “thought we had a significant problem until we spent the next three months of our lives going through everything, including looking at the front and back of 44,000 checks…”

What can business owners do to protect themselves? Having strong internal controls are mandatory.  Businesses can also watch for behavioral red flags for fraud and embezzlement as noted from the 2016 ACFE Report to the Nations:

  • Living Beyond Means (45.8%)
  • Financial Difficulties (30%)
  • Unusually Close Association with Vendor/Customer (20.1%)
  • Wheeler –  Dealer Attitude (15.3%)
  • Control Issues, Unwillingness to Share Duties (15.3%)
  • Divorce / Family Problems (13.4%)
  • Irritability, Suspiciousness or Defensiveness (12.4%)
  • Addiction Problems (10%)

Businesses can be defrauded on many fronts: Internally by employees, managers, officers, or owners of the company, or externally by customers, vendors, and other parties.

Simpson Security and Investigative Advisory Group, LLC has trained fraud investigators, forensic accountants, and Certified Public Accountants (CPA’s) on staff to assist businesses in fraud prevention, fraud awareness, and fraud detection

Your Company’s Biggest Thief Might Be the Most Loyal-Seeming Employee

From CBS News Money Watch by Rachel Layne August 23, 2017:

A new Hiscox study of employee theft in 2016 shows the most damaging schemes involved small amounts of money swiped over years or even decades. Twenty-nine percent of employee thefts took place over more than five years, with that percentage rising to 37 percent in financial services. Vendor fraud produced the largest losses, with the most common method being funds theft. The average embezzlement and loss stretching over five years or more was $2.2 million, while those who stole for more than a decade took an average of $5.4 million. The study also shows thieves do not fit the profile that most company managers expect. Thieves tend to be “egotistical risk-takers” who are curious, smart, and want detailed knowledge of how the company works. “We list diligent and ambitious, staying late, working through vacation, or never taking vacation” as common characteristics of employee thieves, says Doug Karpp, the national product head for crime and fidelity at Hiscox. “Some of those are counter-intuitive.”  Middle-aged employees in the accounting or finance area were the most likely to steal from any company — thieves have a median age of 48.

Signals someone might be stealing may come from those who “flaunt their wealth,” according to the report, showing off a lifestyle that is beyond what their salary can buy, such as new cars every few months or extravagant jewelry.

Is Your Business Secure?

We recently completed two projects: one involved the investigation of a theft and potential data breach at a major firm, and in the other we were asked to conduct an in-depth security review for a major corporation that recently had an intruder breach their premises.  What we found is all too common in many businesses today.   Business security is not a priority until after an incident occurs.

You can’t open the newspaper or listen to the news without reading or hearing about a data breach, embezzlement, financial fraud, or workplace violence incident.   There are many reasons why basic security processes and procedures are not put in place.  The reasons range from cost concerns to naiveté. The truth is, once an incident occurs, the monetary and non-tangible (business good-will) cost to a business can be devastating.

There are recognized industry standards for security for both small and large businesses.  Implementing those standards can help protect the business from a security breach, legal liability, and financial loss.

Financial Safeguards

In the 2014 Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud and Abuse, it was reported that the median cost of a single fraud incident to small businesses was $154,000.00.  Five simple steps businesses can, and should, take to help mitigate financial fraud are:

  1. Conduct background checks on all employees.
  2. Implement a written code of ethics.
  3. Divide bookkeeping and check signing authority.
  4. Deliver bank statements – unopened – to top management.
  5. Implement a fraud reporting mechanism or hotline (over 40% of all small business fraud is discovered through tips).

Physical Security

American National Standards Institute (ANSI) and ASIS International are recognized as the standard bearers of physical security. Both organizations conduct extensive research on physical security and publish standards that are recognized the world over. Each business should conduct a security risk assessment along with a cost benefit analysis. The size of your business will dictate how in-depth that assessment should be.   Areas to consider in assessing the physical security of your business include:

  1. Security policies and procedures
  2. Security lighting
  3. Barrier systems
  4. Intrusion detection systems
  5. Physical entry and access control
  6. Video systems / Video surveillance
  7. Alarms
  8. Personnel

Workplace Violence

The Occupational Safety and Health Administration (OSHA) estimates that about 2 million U.S. workers are victims of workplace violence each year and about 10 percent of workplace fatalities are homicides. The monetary costs of workplace violence have been estimated by the National Institute for Occupational Safety and Health to exceed $120 billion per year, and the human costs are immeasurable.

Workplace violence incidents can come from a customer, an employee, domestic disputes that spill over into the workplace, and criminal acts.

Employers should take some basic steps to address workplace violence by adopting policies and procedures that demonstrate to their employees the importance of a safe workplace.  Those steps should include:

    1. A written zero-tolerance policy for incidents of violence or threatening behavior in the workplace.
    2. Substantial disciplinary action, up to and including termination, for harassing or threatening behavior.
    3. An easy system for employees to report suspicious or threatening circumstances.
    4. A documented and detailed action plan outlining how the business will respond to those reports.
    5. A system for documenting those reports and the action taken by the business to address the report.
    6. A written and detailed emergency action plan in the event of a violent incident.

Cyber Security

    The 2014 Data Breach Investigations Report, compiled by over fifty organizations from around the world reported over 63,000 cyber security incidents and over 1,300 confirmed data security breaches across twenty-seven countries in 2013. Most of the breaches fit some basic patterns:
  1. Web App attacks (35%)
  2. Cyber Espionage (22%)
  3. Point of Sale intrusions (14%)
  4. Credit Card Skimmers (9%)
  5. Insider Misuse (8%)
  6. Crimeware (other malware incidents) (4%)
  7. Miscellaneous errors (2%)

While all industry segments were touched by cyber-attacks, the primary businesses affected by these breaches were retailers and the service industry. Some steps businesses can take to deter data breaches include:

  1. Restrict remote access
  2. Enforce password policies
  3. Do not browse social media, public websites, or personal e-mails on POS systems.
  4. Know your data and who has access to it.
  5. Review user accounts.
  6. Encrypt devices (laptops, hard drives, thumb drives – anything with data that could get lost or stolen).
  7. Move highly sensitive or valuable assets to a secure location.
  8. Properly dispose of information assets, and verify that they have been sanitized prior to disposal.
  9. Use two-factor authentication.
  10. Have a plan in place should a cyber-attack or data breach occur.

Summary

All businesses should be conducting security risk assessments. A security risk assessment will highlight areas that are vulnerable and help gauge the likelihood or impact. These should be done on a regular basis. A good risk assessment program will combine inside expertise and oversight with outside experience and insight. Using a third party to work with the company on a risk assessment will bring in a high level of security expertise not normally found in-house, as well as an unbiased and pragmatic view of policies and procedures in place. Once the risk assessment is conducted, the business should be prepared to make changes and to monitor the results.

The time to conduct a security risk assessment is now, not after an incident occurs.

Dennis Simpson

www.SimpsonAdvisoryGroup.com

Dennis.Simpson@SimpsonAdvisoryGroup.com

Simpson Security and Investigative Advisory Group, LLC

Fraud and the Small Business Owner

Recent Press Releases from the United States Attorney’s Office, Eastern District of Missouri:

May 09, 2014: California Subcontractor Pleads Guilty to Fraud Involving Boeing Contracts

ST. LOUIS, MO—William Boozer, a Boeing subcontractor, pled guilty to wire fraud in connection with a bribery/kickback scheme involving Boeing military aircraft parts during November 2009 through February 2013.

According to Boozer’s plea agreement, between November 2009 and February 2013, Boozer requested the procurement officer for Boeing, Deon Anderson, provide him with non-public competitor bid information and historical price information in connection with Boeing military aircraft part purchase order requests for quotes.   Anderson gave the information to Boozer to be used in preparing and submitting bids on behalf of Globe Dynamics in response to approximately sixteen different Boeing requests for quotes relative to various purchase orders, in exchange for cash payments.

 March 31, 2014: Office Manager of Moberly Funeral Home Indicted on Fraud Charges

ST. LOUIS, MO—Beverly Susan Rene Smith was indicted by a federal grand jury on charges involving her alleged theft of approximately $176,000 from Million-Taylor Funeral Home.  These funds were intended to cover customer’s funeral expenses.

According to the indictment, Smith was hired by James Taylor, Sr., the original owner of the Million-Taylor Funeral Home (MTFH) in Moberly, MO.  Smith was hired as the office manager, a job she held from 2001 to June 2012. The indictment alleges that after James Taylor, Sr. died in 2006, Smith concealed the existence of an escrow account from other MTHF employees. On several occasions Smith took the payments that were sent to MTHF for funerals, and instead of depositing them into the general fund, she deposited the funds into the escrow account.  Smith was able to withdraw funds from the escrow account undetected to use for her personal use.  She hid the withdrawals by manipulating the financial records of MTHF.

January 27, 2014:  Former Chief of St. Louis Park Rangers Sentenced on Fraud Charges

ST. LOUIS, MO—Thomas Stritzel, former chief of the St. Louis Park Rangers, was sentenced to 36 months in prison on charges that he and Joseph Vacca, former deputy commissioner of the St. Louis Parks Division, defrauded the city of St. Louis of approximately one-half million dollars by submitting false invoices for materials and services supplied to the Parks Division.

According to court documents at the time of their guilty pleas, from January 1, 2005 to December 31, 2012, Vacca and Stritzel embezzled funds of the city of St. Louis based upon the submission of sham and false invoices, which included false charges of approximately $472,722. Vacca and Stritzel set up a sham company called Dynamic Management and then funneled city funds received through the submission of false and sham invoices to Dynamic Management’s bank account. They then used those fraudulently obtained funds for their own personal use, including leasing personal vehicles, payment of fuel costs, and the payment of personal credit card charges.

 

The Association of Certified Fraud Examiners (ACFE) in its 2012 Report to the Nations (http://www.acfe.com/rttn-highlights.aspx), internal fraud remains a significant threat to small businesses.  Their survey found that smaller organizations suffered the largest median loss.  This is primarily due to fewer anti-fraud controls than larger businesses.  The median loss in their study was $140,000, with almost half of victim businesses never recovering any of their losses. 

 

 

 

What Types of Fraud Can Affect a Business?

Internal Fraud

  • Manipulation of Financial Statements:  False expense reports; Concealed liabilities; Backdating transactions; Unauthorized acquisitions
  • Misappropriation of Assets:  Cash theft; Skimming; Payroll fraud; Personal use of company funds; Pilfering
  • Corruption: Bribery and Kickbacks; Intellectual Property Theft; Embezzlements; Bid rigging; Conflicts of Interest

 External Fraud

  • Dishonest Vendors
  • Customer bad checks / credit card frauds
  • Identity-Theft

What Can a Small Business Do to Protect Itself from Fraud? 

Never allow just one employee uncontrolled access to financial records without regular oversight and verification.  Small businesses often use a family member, trusted friend, or long-time employee as the office manager, bookkeeper, and accountant.    Having one employee, friend, or family member open the mail, write checks, pay bills, deposit funds, reconcile bank accounts, and maintain the books is a recipe for disaster.  Dual control and regular independent review of company finances is crucial to preventing fraud.

Contract with an outside firm for accounting and bookkeeping services.  Often, small business owners feel they cannot afford such a service.  As we see in the U. S. Attorney press releases, losses sustained by fraud can far exceed the costs of an independent accounting firm and auditor.

Be aware of behavioral red flags that may indicate problems.  The below traits are not definitive indicators that an employee is committing fraud.  However, they have been shown to be traits in persons who have committed internal fraud, and may warrant a closer evaluation of your employee and their job duties.

  • An employee living beyond the means of their known income.
  • An employee experiencing severe financial difficulties.
  • An employee experiencing severe emotional upheaval (divorce, death, etc.)
  • An obsession with gambling.
  • An employee who forgoes vacation time and paid time off.
  • An unwillingness to share work
  • Excessive control issues
  • Unusually close relationship with contractors or vendors
  • Employee with financial record responsibility who regularly “takes work home” without a valid reason.
  • Confrontational and or secretive when asked about their work.
  • Numerous excuses for not producing, or delaying, financial reports.

As a business owner, it is your responsibility to set the tone for your employees.  Honesty and integrity is contagious.  A strong policy stating your company values is encouraged.

If you suspect your business is the victim of fraud, or for a fraud risk assessment of your business, contact Simpson Security and Investigative Advisory Group, LLC.  Our network of fraud professionals can assist you in protecting your investment and securing your future.