Safety In Numbers

East Coast Fraud & Risk Management Group

Blog

view:  full / summary

HOW TO PREVENT AND DETECT EXPENSE ACCOUNT FRAUD

Posted on 4 February, 2020 at 11:26 Comments comments (4)
HOW TO PREVENT AND DETECT EXPENSE ACCOUNT FRAUD

It’s hard not to have noticed all the corporate executives and politicians who have been accused of expense account fraud. With executive salaries, do they do it because they have financial problems? Probably not, they could be living beyond their means, but a more reasonable explanation is greed. That they felt they were entitled to fudge their expenses and they could get away with it. They have justified it by thinking this is acceptable behaviour or rationalizing everybody is doing it so why not me.
 
It has been estimated that 21% of all fraud committed in organizations is expense account fraud, costing millions of dollars a year. Small businesses suffer greater losses mainly because they don’t have such elaborate expense tracking systems.
 
There are basically four types of expense account fraud;

1.       Mischaracterized Expense Reimbursement: This is when an employee uses a personal expense and claims it is business related. EG: Employee claims office supplies for a home business they have.
2.       Overstated Expense Reimbursement: The employee overstates the amount of an expense, such as taking a $10 cab fare and claiming $20.
3.       Fictitious Expenses: This is when they create a fake expense that does not exist and a fake expense form. An example is claiming a lunch with a client that did not occur.
4.       Multiple Reimbursements: This is when the employee submits the same expense several times. Such as an airline ticket, where they put it on their credit card and get reimbursed and then they submit the airline ticket for a second reimbursement.  
 
Detection:
 
1.       Historical Comparisons: Compare employee’s expense reports for the last 3 years and compare it with other employee expense reports. It helps to see each employee’s expenses in a graph and then to graph all employees’ expenses combined.
If total company employee expenses have increased by 3% but one employees expenses have increased by 20%. That is something to look at and determine why.
 
2.       Detailed Review of Expense Reports: This is the most effective method where the employee’s expense account is audited, with all expenses being matched by receipts. Using the employee’s digital calendar and schedule allow cross reference between where they were, who they met with and what expenses were incurred.
 
 
Expenses Account Fraud Prevention:
 
1.       Have a company Expense Policy outlining what expenses can be reimbursed, what is required to get them reimbursed and what are the consequences of submitting fraudulent claims. The employee should then have to sign it and be given a copy. This could be part of the Code of Conduct or a separate policy.

2.       Ensure that only expenses with an attached receipt along with the explanation for that expense will be reimbursed. For entertainment an explanation of the receipt should include business purpose, and who the customer was. Also date and time when incurred, the place and the amount. This is a common theme I see in expense reimbursements. Where an employee submits an expense without the receipt and have an excuse for not having one. They get reimbursed and that sets the tone for submitting a similar expense without a receipt.

3. The person who approves the expense claims, give them the power and authority to question any expense even senior management and give them a clear chain of command to take the discrepancy to a higher authority. Encourage the employee and praise them when they detect a discrepancy.

4. Company Credit Cards issued to employees for expenses, the statement should go directly to the accounting department.

5. Conduct regular audits to ensure the company policy is being followed and to detect any discrepancies. The audits could be on a monthly or quarterly basis and any discrepancies should be brought directly to the employee who submitted the expense. For smaller organizations who do not necessarily have the time or expertise to do audits, it could be contracted out to an outside firm. Regardless the audits must be done.

Kilometers reimbursement is an area of abuse. The employee travels and total kilometers is actually 165, yet they submit 221. At $0.45 per kilometer, that’s an additional $25 the company has to pay out in fraudulent reimbursements. This can add up very quickly if you have numerous employees submitting expenses. An easy way to check is to just use Google Maps by entering the starting point and then choose destination and see how many kilometers it is.

I once audited a sales person at a Pharmaceutical company who had claimed over 90,000 kms in mileage, when we checked his vehicle, it had 22,000 kms on it. (The vehicle was company owned). This was over 68,000 kms at $0.45 per kilometer for over   $30,600 in fraudulent mileage claims. The employee was fired, because when we checked, not only was he submitting false expenses but he was also submitting false customer sales calls. Some clients had not seen him in over 2 years. 

6. Understand your corporate culture. In some organizations there is a culture of everybody is doing it, the company doesn’t mind. So why shouldn’t I do it? To manage this you have to have clear policies and procedures, educate the staff that this is wrong and is considered fraud, and how it affects the company’s bottom line. Also ensure management and executives are leading by example.

7. Have a whistle blower hotline to make it easy and anonymous for employees to report wrongdoing. Such as our www.workplaceviolationshotline.ca.
 
In summary, have an expense account policy, only reimburse expenses that have a legitimate receipt, with an explanation for the expense and make sure to conduct regular audits. You may not eliminate all expenses account fraud, but with proactive policies you will reduce the frequency and severity of losses.  
 
 
 

WHY EMPLOYEES STEAL

Posted on 24 October, 2016 at 10:22 Comments comments (5)
Whether you are in manufacturing, retail or a service industry. Your employees steal from you for all the same reasons. Criminologists state that three elements must be present in order for employee theft to occur,

1. Motive: Employees may have financial, gambling, substance abuse problems, or may just feel they are unappreciated or under paid at work.

2. Opportunity: The lack of security control systems and clear cut policies and procedures. Make it easier to steal from you.

3. Justification: Is simply the employee justifying his actions by saying I will put it back, it's not really stealing or they want me to take it.

Once all three elements are in place you have employee theft. The 10-10-80 rule states that;
- 10% of your employees will steal from you at each and every opportunity.
- 10% of your employees will never steal from you at any opportunity.
- 80% of your employees may or may not steal from you based on motive, opportunity, and justification.

As employers we have no control of an employee's motive or justification, but we can do something about opportunity. Being pro-active to prevent employee theft is more effective, and costs a lot less than being reactive. An effective employee theft prevention program should include the following preventative measures.

  • Conduct pre-employment screening checks to eliminate potential employees with motive and justification.
  • Have a clear and concise corporate code of conduct outlining what behaviour is expected of your employees, and what course of action will be taken in the event of a violation.
  • Have a Whistle blower Hotline to allow employees to report wrong doing anonymously. Studies have shown that  having a whistle blower hotline, will reduce the severity of losses by catching the theft sooner. Many whisltleblower hotlines; such as our own Workplaceviolationshotline.ca allow all types of workplace violations to be reported.
  • Communicate this code of conduct to all new and existing employees, suppliers and contractors. Have them sign off on it every year.
  • Be consistent with enforcing policies. Treat every violator the same.
  • For younger workers with less time on the job, have employee appreciation and recognition programs. Such as a $10.00 gift certificate to a coffee shop or movie theatre.

In conclusion a proactive approach to employee theft will be more cost effective, providing a greater Return on Investment.

SHOPLIFTING-What Retailers Can Do To Prevent Theft

Posted on 17 October, 2016 at 21:55 Comments comments (6)
Shoplifters- The National Retail Federation reports that one out of every ten shoppers attempts to shoplift. There are three categories of shoplifters:
1. The average amateur shoplifter who accounts for 75% of the arrests.
2. The full-time amateur shoplifter who accounts for 20% of the arrests.
3. The professional shoplifter who accounts for 5% of the arrests.

Common Characteristics of a shoplifter:
  • Often carries a bag or backpack into the store.
  • Appears nervous or startled when approached.
  • Constantly looks around.
  • Watches your actions more than anything else.
  • Bluntly refuses assistance from store personnel.
  • Is not concerned with the price, size or colour of selected merchandise.
  • Moves merchandise from one location to another.
  • Diverts employees' attention while others steal.
  • Carries own clothing to conceal store merchandise.
  • Wears clothes that are out of season, such as coats or sweatshirts when its hot outside.
The Amateur Shoplifter: The amateur usually prefers the busier times when the store is full, and customers and employees are occupied. Many amateurs prefer the seclusion of fitting rooms or corners of the store. The amateur's actions are not premeditated, but if an opportunity presents itself, the shopper succumbs to the temptation. This is called "impulse stealing". Since they don't know themselves that they may steal, neither will you and so this makes them difficult to catch.

The Full-time Amateur Shoplifter: These are the people that your employees say, "We know these people steal". These people have a prior history of shoplifting convictions, and account for 20% of those apprehended. They're typically a well-dresses young adult. The difference between these people and the everyday citizen shoplifter is the motive.

The Professional Shoplifter: These are the real "pro's" that make up a small 5% of those that are arrested for stealing. They steal for one reason only, and that's money. The professional likes to work when employees are least alert, and are early bird, lunchtime, shift change, or last minute shoppers. Most of these people work in pairs and are well dressed and, needless to say, well trained. They are also often habitual drug users who support their habit from shoplifting your merchandise.

Shoplifting Prevention Pointers:

  • Provide good customer service
  • Speak to the customer when they come in the door
  • Provide good cash register service, it should be fast and efficient
  • Teach employees to constantly look around and watch people wandering
  • Never turn your back on a customer
  • Pay special attention to display and layout of merchandise. High priced items near the cash register where employees can see them
  • Install security mirrors
  • Video cameras
  • Special locking display cases

The best thing you and your employees can do to prevent theft, is provide exceptional customer service to customers. When shoplifters enter your store, they want privacy. When you acknowledge them and continue to monitor them. They have lost their privacy and will go somewhere else where the staff is not as alert.







Managing Business Reputation Risk

Posted on 9 May, 2014 at 21:48 Comments comments (11)

MANAGING BUSINESS REPUTATION RISK
East Coast Fraud & Risk Management Group - www.eastcoastfraud.ca  

Most organizations don’t give much thought to their business reputation until something goes wrong. One of the reasons is that a business’s reputation is difficult to identify, analyze and put a value on. It is an intangible asset that does not show up on the balance sheet, except perhaps as Goodwill when one company buys another company. Your reputation is what brings customers to you, keeps your customers coming back, and why existing customers will refer friends and family to your business. Your business reputation is one of your greatest assets and if not managed it could be a liability or it could also mean missed opportunities.

According to the Insurance Institute of America, the definition of Reputation Risk is;

 “An intangible Asset that relates to an organization’s goals and values, results from behaviors and opinions of its stakeholders and grows over time. It is the comparison between stakeholder’s experiences and their expectations and is the pillar of the organization’s legitimacy or social license to operate. An organization maintains a good reputation when it meets or exceeds stakeholder expectations.

 PUTTING A VALUE ON REPUTATION

The first thing you must do is recognize the value of your reputation. Intangible assets in some organizations can represent 50% or more of a company’s total value. While there are several ways of valuing reputation risk, such as the Fair Market Value approach, which would assign a value if put on the market and the Cost Approach which is the amount the organization invested to acquire their reputation. Risk Managers prefer the Income Approach which puts a current value based on discounted cash flows, the reputation would earn in a given period of time. By recognizing the value of your reputation, it allows you to think of it as an asset. If damaged it can cause a loss of key stakeholders, but there is also an upside that you can take advantage of opportunities to add value to your reputation. As an example the tainted Tylenol crisis in 1982, had Johnson & Johnson develop tamper proof pill bottles that are now used globally.

IDENTIFY KEY STAKEHOLDERS

You should identify your key stakeholders and rate them based on importance, because each stakeholder’s expectations may be different. I use a rating system with a base of 100 and assign each stakeholder points based on their importance. Stakeholders can be classified as external and internal. Internal could be management, employees, and Board Members, while external could be customers, suppliers, shareholders, and government regulators.      

SOURCES OF RISK TO REPUTATION

Sources of risk to reputation can include the following;

1.      Deliver on Customer Promises: Is the company (non-profit or government entity) delivering high-quality, competitively priced goods and services?
2.      Regulatory and Legal Compliance: Is the company seen by its stakeholders and the public as law abiding and comply with all laws and regulations?
3.      Communication and Crisis Management: Does the company have an effective communications plan to manage stakeholder expectations? Are they transparent in their business dealings?
4.      Financial Performance and Long-Term Investment Value: Does the company have a steady record of financial performance and are they a good long-term investment?
5.       Corporate Governance and Leadership: Does senior management and the Board of Directors lead by example and set an appropriate tone at the top.
6.      Corporate Social Responsibility: Is the company considered by its stakeholders a good corporate citizen and does the company minimize the negative impact and maximize the positive impact of its activities on the environment and society as a whole?
7.      Workplace Talent and Culture: Does the company recruit high quality employees and treat them well? Does the corporate culture motivate employees to take pride in their work?

IMPLEMENTING A RISK MANAGEMENT PLAN FOR REPUTATION RISK 

Identify, Analyze and Prioritize Reputation Risks: Identify the key drivers of risk by reviewing past incidents and future risks. Analyze those risks based on tangible losses or gains to reputation and put a priority on each one. As an example an investment firm that has numerous compliance issues with advisors recommending high risk investments, could result in loss of clients and assets, regulatory fines, a criminal investigation or class action lawsuit.

Develop and Implement a Risk Response: To implement a risk response to a specific reputation risk, it depends on the source of the risk, whether the risk is a threat or an opportunity, the risk appetite of the organization and whether the risk can be mitigated and the total cost of mitigating the risk (ROI).

Monitor the Results: After the risks have been identified, analyzed and prioritized and risk responses have been developed and implemented. The risks should be monitored by management for any changes in the risk frequency or severity and take appropriate action. The objective is early detection and immediate treatment.

To effectively manage your reputation, recognize reputation as an asset, that like any other asset there are risks that may affect it and there are also opportunities that allow you to improve your reputation. Many companies actually seek out risk to maximize profits and gain a competitive advantage over their competitors.

How to Use Corporate Culture to Prevent Fraud

Posted on 14 April, 2014 at 20:01 Comments comments (3)

How to Use Corporate Culture to Prevent Fraud   

Corporate Culture can be described as “The beliefs and values which are understood by employees.” Culture is like an invisible energy field that surrounds your organization and determines how people think, act and see the world around them.
Some facts about corporate culture include;
1. Culture determines the “way of life” for employees who often take its influence for granted.
2. Over time culture is fairly stable and resistant to quick changes. Once a culture is ingrained into the organization, it can resist change even with high employee turnover. 3. Culture involves both internal and external characteristics.
4. Employee’s know what the culture is and can describe its characteristics. You can measure, evaluate and perfect it.
5. Culture will develop in a random fashion, or you can manage it if a firm has incorporated it into their strategic plan that identifies specific properties and goals. 

So how can a company reduce fraud in their organization by managing corporate culture? By aligning the organizations goals with the socialization process. The socialization process is what passes an organization’s culture from one generation of employees to next.  

According to Dictionary.com the definition of the socialization process is; the continuing process whereby an individual acquires a personal identity and learns the norms, values behaviors  and social skills appropriate to his or her social position.
 
The three stages of the socialization process are;  

1. Anticipatory Socialization and the Hiring Process: Begins when the employee simply considers working for a company and continues through the hiring process, where the interviewer will communicate the norms and values of the company and determine if the candidate is a good fit.  

2. Formal Socialization: Can be in the form of orientation and training programs for new employees and also through a mentoring process where values, skills and habits are communicated to the new hire.  

3.  Informal Socialization: Occur through many informal channels, through interaction with fellow employees and informal interactions with management. This is where the most effective and lasting socialization takes place. 

At the anticipatory and hiring stage, the first step is to communicate the company’s norms and values through the web site to potential and current employees, that your organization puts a high value on honesty and integrity. Then during the interview process, the interviewer will reinforce the values by making it part of the interview process by asking open ended questions and reinforcing the company values.  

The formal socialization stage is an excellent opportunity to begin the education process by making it part of the training program, through codes of conduct statements, and company policies and procedures. It is also very important to match the new hire with a mentor who will reinforce the company values in a positive reinforcing way. Use real examples of how real employees made contributions to preventing fraud.  I am a big believer in positive reinforcement and not using negative reinforcement, such as discussing how this employee was caught committing fraud. This sets a negative tone for the new hire.

  Finally the informal socialization process is where the employee will develop their values and ethics system by interacting with other employees and various levels of management. It is essential that management lead by example and follow the same rules as expected from the employees. Employees that are role models and set a good example should be given more exposure to the new employees.

  I have worked with clients who accepted that employee fraud and theft was part of their culture, and spent large amounts of money on security, CCTV, and audit programs, focused on catching and prosecuting the dishonest employee. This is really just dealing with the effect and not the cause. I have also worked with companies who tried to change the culture of fraud and theft, by managing the corporate culture. The return on investment is much higher.  

While every organization is unique, here are some helpful hints to get started;  

-  Survey your employees to understand their thoughts on fraud and theft in the           workplace.  

-  Develop a vision statement that reflects the vision of the company on fraud and  employee dishonesty. I had the privilege of doing some work for a contact center and the VP came into the class of new trainees and said I only ask two things of you; 1. Don’t use violence against each other 2. Don’t steal from the company or commit illegal acts against us. They have never had a workplace violence incident or fraud committed against them. Don’t underestimate the power of vision.  

-  Ensure senior management is on board and make sure they give a reason why the change is occurring.   

-  Establish a team to guide the change process. 

-  Set short-term wins, rather than one or two big goals. This will keep employees engaged and focused. Failing to meet a big goal or milestone will discourage employees and may mean the end of the program.  

We have discussed corporate culture and the role it plays in shaping employees thoughts and behaviors. We also discussed how the culture can be managed with the socialization process. To change your culture takes time and a lot of energy, however the end result is worth it.
At East Coast Fraud & Risk Management Group we have worked with many organizations and developed several employee surveys, you can use to survey your employees on corporate culture as it relates to fraud and employee dishonesty. Drop us a line if you would like a copy of one at www.eastcoastfraud.ca


REDUCING THE RISK OF BUSINESS IDENTITY THEFT

Posted on 5 March, 2014 at 10:37 Comments comments (5)

REDUCING THE RISK OF BUSINESS IDENTITY THEFT 

Most of us are familiar with personal identity theft, where an individual has their identity stolen, but business owners may not be as familiar with Business Identity Theft. Business Identity Theft is not the theft of customer’s personal information, but is someone assuming the identity of the business, that has no right to, for illegal purposes. The purpose is to gather information on the company and then submit fraudulent business records and tax filings, causing significant financial losses to the company and defrauding their creditors, suppliers and financial institutions.
Corporate Identity Theft is not just about corporations, but include non-profits, government, small & medium enterprises, partnerships and sole proprietorships.    

Businesses are targeted for many reasons, including;  

- More complex financial affairs than an individual, numerous people involved and less chance of being discovered.
- Businesses have large cash balances in the bank, making it more profitable for the fraudster.
- Easier to open up a business bank account and get credit, than opening an individual account.
- Higher credit limits and less collateral required.
- A lot of business information is public such as HST tax numbers on invoices, licensing,    permits, and loans secured by assets through Personal Property Security Searches. Also anyone can request a credit report from the credit agencies on a company.                                       

In a 2012 survey by Javelin Strategy Research Report, 75% of data breach reports took place in businesses with fewer than 100 employees…           

While there are numerous scams involving Business Identity Theft, the following are some of the most common; 

1.         Fraudulently Change Your Business Registration Information: All business registrations in Nova Scotia are filed with the Registry Of Joint Stocks and when a company wants to submit a change to their registration, they fill out a form with the changes, sign it and send it either by mail or electronically. The Registry updates the information without verifying the changes, and most Provinces and States do the same. This allows a fraudster to change your corporate information, such as adding a new director, changing the corporate mail address or designating another name as the corporate secretary/treasurer. Then all they have to do is print off a copy and take it to the bank and open an account with the information or have mail delivered to the changed address.
Changing the business registration information could allow them to purchase assets in the company name, sell company assets, get access to bank accounts and credit lines, and get credit cards issued.  

  2.         Cyber Crime: The main technique here is Phishing, which is when the cyber criminals send out thousands of emails that look like they are from a legitimate financial institution. It is usually an urgent message saying something like “we have detected unauthorized use of your account,” “detected a security breach,” or “too many log in attempts,” or some other reason. The web site looks legitimate and the email address is usually very close to the actual financial institutions address. The email instructs you to click on the link which will take you to the site and get you to reset your password and or enter your account number. No financial institution will ever send you an email saying there is a problem with your account. 

3.         Obtain Loans and Credit using the business owner’s personal information.  Just like personal identity theft, the purpose here is to obtain the owners personal information and then either conduct business in the business name or to obtain credit and other assets or open bank accounts by using the owner’s information. Think about how easy it would be for someone to walk into a bank, with your full name, address, date of birth, Social Insurance Number, employer and open up an account or to apply for a credit card on line. 

  Here are some TIPS to help you prevent Business Identity Theft; 

Ø      Review you banking agreement. Before you are a victim of Business Identity Theft, know your banks policies on liability for fraud on your bank accounts. Ø      Reconcile your bank account daily. By using online banking you can log onto your account and review balances and transactions. Report any discrepancies to your bank immediately.
Ø      Use a secure computer, that only you have access to, for your business banking. The computer must have anti virus and anti spy ware software protection. Use passwords that are at least eight characters long and change them monthly. Do not access your bank accounts through public internet or Wi-Fi spots and don’t use your smart phones to log onto your business bank accounts.
Ø      Educate all your staff on Phishing scams on line, and by telephone calls requesting information over the phone. I know of a situation where the administrative assistant gave out information over the phone, to what they thought was a legitimate call, by a vendor wanting to deposit the funds electronically. Resulting in losses to the company.
Ø      Protect all your business documents and information. Keep all financial and confidential information locked up and in a secure location. I worked on an investigation where the cleaners would come in at night and one of them would go to the receptionist computer, log on and down load confidential information and sell it to their competitor.
Ø      Shred all unneeded documents that have confidential or financial information on them. I prefer a shred company that supplies the onsite shred boxes and empties them on a regular basis.
Ø    Check your business registration information regularly. This can easily be done by going to Registry of Joint Stocks website www.rjsc.gov.ns.ca and entering your business name. 
Ø    Check your business credit reports at least once a year and more frequently if you suspect something. Reports can be obtained from Trans Union and Equifax and Dunn & Bradstreet.
Ø    Have high quality computer virus and spy ware software.
Ø    Train all your employees on Business Identity Theft prevention. This should be part of new employee training and orientation and make it a topic at staff meetings. Ø    Be aware of large orders from new customers or a new company. Do your due diligence by asking. Does the order make sense? Does the order information raise a red flag? Such as overseas address or a PO Box. If you are not sure call the customer or email for additional information.
If in doubt, hold the order back. It is better to delay an order from a new customer than to ship goods and not get paid for them. One results in a potential loss of a customer the other is a loss of inventory or cash.  

In closing keep in mind that cyber crime operates anonymously, the fraudsters don’t wear masks and rob banks. They conduct their crimes from the comfort of their own homes, they are very good with computers and many are well educated, they know the chances of getting caught are slim. All organizations should make Business Identity Theft part of their risk management program. Talk to your insurance broker to see if you have coverage for Business Identity Theft.

Visit our site for additional blogs at: www.eastcoastfraud.ca

The High Risk of Fraud in the Accounting Department

Posted on 5 January, 2014 at 13:44 Comments comments (11)

 

No where in an organization is the opportunity for fraud the greatest and the catastrophic losses the highest than in the Accounting/Bookkeeping department.   The accounting department handles large inflows and outflows of cash and cheques, that a dishonest employee can find numerous ways to commit fraudulent acts. Not only can they commit the fraud, but they also have the means to conceal it, because they have too much control over the accounting function and the secrecy that surrounds the financial information.

As a Certified Fraud Examiner, I am seeing a huge increase in accounting fraud, with devastating consequences to the owners and shareholders of the business. If you read the papers, there is something every week about another organization finding themselves a victim of employee fraud. Many of these businesses actually close or go bankrupt because of the losses.  

In many small and medium firms, it is usually just one or two individuals who process accounts receivable and payables, receive cheques and make deposits at the bank.
As stated above there are many opportunities for bookkeepers to commit fraud, but most employees would never consider such a thing. The Association of Certified Fraud Examiners states that in order for fraud to occur, three things must be present. They call it the fraud triangle, which consists of Motive, Opportunity and the Rationalization by the employee, to commit the fraud. Employers cannot control the Motive and Rationalization, but they can do something about Opportunity.
Implementing internal controls and monitoring them is essential. 

In many of the cases I have worked on in the past 20 years, I have seen a number of red flags that are common. While every case is unique there are a number of warning signs that owners and managers should be aware of.   

1. Lack of Delegation of Duties: As stated previously, many small firms have only one or two people in the accounting department. They essentially control every aspect of the accounting function, from invoicing clients, to Accounts Receivable, Bank Deposits, Bank Reconciliations, Cheque signing authority, and post all entries into the accounting system. 

2.  Gambling or Addiction Problems: Employees that have such problems have a greater need for additional funds, giving them a motive and the rationalization to commit fraud.
 
3. The employee who seems to live beyond their means: Employees, who spend a lot of money on clothes, travel, cars, and any other consumer item, may have a greater need and resort to fraud. These employees are concerned about keeping up the image of being successful and well off.
 
4. The employee who always complains about money: Employees who regularly complain about not being able to pay their bills, who borrow money from other employees and consistently require cash advances. This could be a red flag for fraud.

 5.   I don’t know why we are not doing better financially: As an owner/manager you have a pretty good handle on your revenues and expenses. If you think you should be doing better financially then you are, investigate it. Don’t take the bookkeepers reasons for such shortages, get evidence not explanations. At the very least it will give you a better understanding of the cause and the ability to correct it. 

Here are 4 risk mitigation strategies to help prevent accounting fraud in small and medium enterprises;  

1.   Segregation of accounting duties: By far this is the most important control, yet in almost every case I have seen. There is either, a lack of segregation of duties or a break down in the accounting controls, because of staff shortages in the accounting department or an employee off sick. Segregation means that different employees handle the various stages of the receiving of and disbursements of cash and cheques. As an example; let’s assume that we are a service industry that invoices clients weekly and receives payments in the form of cheques in the mail In many enterprises the bookkeeper would open the mail and post the cheques to the various client accounts. They would then do up the deposit, take it to the bank and then do the monthly bank reconciliation. They would also prepare all invoices, have cheque signing authority, add new clients and suppliers to the accounting system and be able to make changes to or override accounting entries. Essentially, they have control over every aspect of the accounting function and when senior management or the external auditors require an explanation of a transaction, they also have control over what explanation is given. A simple system of segregation of duties is to not allow an employee to control the whole process. Here are some easy controls to put in place:

a. The mail is opened by two employees and all cheques received for that day are then recorded into a cheque registry, which records the company, cheque number, amount and date of cheque. The cheques should also be stamped “FOR DEPOSIT ONLY” at this stage.  The cheque registry can then be compared with the actual deposits. If cheques in the amount of $15,000.00 were received on July 1, then the deposit book and the bank statement should show a deposit of $15,000.00 on July 1. Timing differences can occur but all deposits should be matched. Once the cheques are received and recorded, they are then forwarded to the Account Receivable department, where they are posted, by another employee, the bank deposit is then done up and another employee takes the deposit to the bank.  

b. The bookkeeper prepares outgoing cheques, and then gives the cheques plus all supporting documentation including purchase order, invoice, expense forms and any other supporting documentation to a senior employee for review. After examining each cheque and supporting documentation for legitimacy and accuracy, they will then sign the cheque. Ideally all cheques should have two required signatures. Then the cheques are put in envelopes and another employee mails them. The key here is once the bookkeeper prepares the cheques, they no longer have anything else to do with them. 

c.   Ideally the owner/manager should control the cash. This means that all bank deposits should be made by the owner. If this is not possible, then trusted employees from other areas or departments can make the deposits. Different employees can do different days and be sure to let your bank know who is eligible to make deposits. A bank card can be obtained that only allows deposits to the bank account, withdrawals or other transactions cannot be made on this card. The key is that there is complete segregation of duties. From the receipt of cheques, to preparation of invoices and bank deposits, no one person has control over more than one function of this process. 

2.   Screen accounting employees properly by conducting Criminal Records Checks and verifying references. Criminal records checks are important for obvious reasons. You can request an employee obtain one from the local police agency or you can use a firm that provides criminal records checks. My experience shows that most accounting employees, who commit fraud, did not have a previous criminal record, but they may have left previous employers under suspicious circumstances. It is also essential that reference checks from past employers, be completed on employees. I recommend the last two questions be asked 1. Do you have any reason to doubt the honesty of the candidate? 2. If the opportunity presented itself would you rehire the candidate?  

3.    Know your business: As the owner you have a pretty good idea of what your sales and expenses are and what your profit margins should be. If you have cash flow problems and don’t know why, look into it. In many cases I have worked on, this was a red flag that owners told me they thought there was something wrong but did not look into it, until it was too late. I recommend, to have a good working knowledge of your revenues and expenses and to know your gross margins. When I ran my business I knew my margins were approximately 18%, so $100,000.00 of sales a month should have given me $18,000.00 cash flow. If you have offices or branches in other regions, make sure you monitor them individually. If you think something is wrong, discuss it with your managers and accountant. A vertical and horizontal analysis of the Income Statement and Balance Sheet may give you a place to start. 

4.    Listen to employees and customer complaints: Frequently when a fraud is being committed it may affect suppliers, employees or customers. If suppliers are not being paid, then employees, who purchase supplies, will be told the account is not up to date. If customers complain about their accounts not up to date, when they make payments, this could also be a red flag.        

In conclusion, organizations of all sizes and types are victims of accounting fraud. Even large accounting departments with CFO’s, accounting managers and internal and external auditors, fraud still goes undetected. Only through sound internal controls, and astute managers will fraud be prevented and detected. The purpose of this article is a starting point, to get owners and managers to think about their own vulnerabilities in the accounting department and the impact to the organization if fraud occurred. Every organization is different so get help in conducting a fraud risk assessment and to set up sound internal controls and monitor them.

Visit our site for additional blogs at: www.eastcoastfraud.ca

How Not To Lose Your Life Savings to Fraudulent Investments and Advisors

Posted on 7 November, 2013 at 9:54 Comments comments (5)
How Not to Lose Your Life Savings to Fraudulent Investments.
 
As a former stockbroker turned fraud examiner, I am always dismayed when I hear about another investor getting swindled out of their life savings. It hurts the reputation of not only the firm involved but the industry as a whole. The securities industry is one of the most highly regulated industries in Canada with Investment Advisers being carefully screened, regulated and monitored. The firms are also highly regulated, by Provincial Securities Regulators, National Securities Regulators and their in house Compliance Departments. So with all this regulation, how can investors lose their life savings to bad investments and dishonest advisers?
 
I just read an online comment about a well publicized case in Halifax, where the blogger asked “What do we pay the Securities Regulators for, when investors continue to lose their savings” by bad advisers and investment scams. In my opinion that is like blaming your local Police Department when your house gets broken into or your car gets stolen. By saying they should have been there to prevent it.  The Securities Regulators are in a similar position; they do not have the resources to monitor each and every investor account.
 
While this may seem to be a long-winded explanation, I use it to drive home the point that investors must take at least some responsibility for their investments. No one will look after your money better than you will.
 
Here are some suggestions to follow to help you sleep a little better at night, at least when it comes to your investments.
 
1. Determine your investment objectives: By identifying your short and long-term goals. Determine how much risk you want to take and what kind of return would you like. Keep in mind the higher the return the higher the risk.
Once you have developed your investment objectives, stick to your plan. Don’t allow your advisor or relatives to talk you in to taking more risk than what you set out to take. Stick with investments you know and understand, if it is too complicated then pass on it. Make sure your advisor knows your objectives and it is reflected in the New Account Application Form. Advisers have to follow the Know Your Client rule (KYC). Review your investment objectives annually and update the KYC form. As an example; if your investment objective is 60% Income and 40% long-term growth, do not be forced into short-term trading or borrowing to invest.
 
2. Do your Due Diligence: Your Due Diligence should be done when selecting a new adviser, when choosing a firm and when selecting appropriate investments.
 
Selecting an Adviser – Most investors choose an adviser by either someone referring that person to them, by calling a firm and getting transferred to an adviser or by receiving a cold call from an adviser. It doesn’t matter how you got the name, your job is to ensure that you trust the adviser and you feel comfortable working with them.
You are hiring someone for one of the most important jobs, managing your money. So instead of being interviewed by the adviser you should interview them for the position. Just like if you were hiring someone for a job placement. Tell the adviser you are looking to hire someone to manage your money and have some questions you would like to ask, to ensure a good fit.
Here are some due diligence questions to ask; remember to take notes of your interview.
 
1. How long have you been in the business and what is your educational background and credentials.
2. What is the value of the assets you manage for all of your clients? This can be important because advisers with big books of business are more established and probably have a more stable income. Some advisers will have a minimum account size, so if you do not meet that minimum size, find someone else to deal with.
3.  What is your investment philosophy? Are they traders, speculators, or asset gathers?
4.  What percentage of your clients assets are in stocks, bonds, mutual funds.
5.  What is the annual turnover of your client’s assets? The turnover determines how frequently the adviser trades stocks or mutual funds.
5.  Have you ever been subject to an investigation by the securities regulators? Do you have any pending complaints or investigations open now?
This information can be verified by going to Investment Industry Regulatory Organization of Canada (IIROC) and the Mutual Fund Dealers Association (MFDA). For IIROC enter www.iiroc.ca  then click on IROC Advisers Report and enter Advisers name. For MFDA enter www.mfda.ca click on For Investors, and then Check an Adviser.
For investors in the United States enter www.sec.gov then go to Education, Check Out Broker or Adviser, Then Central Registration Depository and Broker Check. Then add broker name.
 
Do not be intimidated and ask any questions you feel are relevant. If you don’t get the right answer, go somewhere else.
 
3.  Check Your Account Statement Every Month: This is extremely important for two reasons;
1. Early detection of errors and unauthorized trades or account withdrawals.
2. As a possible deterrent. Advisers may be more hesitant to tamper with an investor’s account that checks the statement every month and calls and asks questions.
 
Your monthly account statement is a summary of your investment holdings, their value, any buy and sell transactions, any dividends or interest paid and any account withdrawals or deposits.
When your monthly statement arrives, review the asset summary section to verify the securities in your account are correct, including cash held. Then check the total value for this month compared to the previous month. Review the account activity section. This will show any purchases or sales of securities and dividends or interest received and any other fees charged to your account.
For each transaction, you should compare the statement with the buy and sell transaction slips you receive for each purchase or sale. Save all your confirmations and statements.
 
 
 
Some other Do’s and Don’ts:
 
-                     Do not make any check payable to the financial adviser.
-                     If an adviser pitches an investment and says you have to act right now, pass on it. Any good investment will be available later. This tactics is to instill a sense of urgency in the investor.
-                     Be aware of pitches from individuals who are selling to a specific group that you belong to, such as religious, nationality or hobbies. While this is a legitimate prospecting tool for many advisers, the unscrupulous adviser will prey on a specific group. This is called infinity fraud, and the investor’s justification is that so many other people you know have invested into it. It must be alright.
-                     Be aware of unrealistic returns, either for one year or over a period of years. 
-                     Be aware of guaranteed returns, especially higher than market rates of similar investments.
-                     Check to see if the firm is registered with the regulatory agency and if the specific investment is registered.
 
Many of us spend more time looking after our cars than we do our investments. Do your home work; ask questions and most of all trust your instincts.
Visit our site for other blogs at: www.eastcoastfraud.ca
 
Happy Investing

Fraud & Risk Management for S&M Enterprises

Posted on 31 August, 2013 at 10:45 Comments comments (5)
We are pleased to have added a Blog to our site. We will be covering topics that affect Small & Medium Enterprises such as Investment Fraud, Corporate Culture and Fraud, Corporate Identity Theft and Enterprise Risk Management. We encourage our many clients and friends to offer suggestions and comments. More to come shortly.

Fraud In S&M sized Businesses

Posted on 31 August, 2013 at 10:33 Comments comments (2)
We are excited about adding a blog to our site. It is our intentions to cover topics in Fraud and Risk Management that affect Small and Medium Enterprises. Planned topics will include Investment Fraud, Corporate Culture and Fraud, Retail and Hospitality Fraud, and Enterprise Risk Management.
We welcome comments from our many friends and clients. Check back later for our first blog.

Rss_feed