The $18 billion timebomb – how to deal with employee fraud

Employee fraud costs Australian businesses $18 billion a year and no business can afford to ignore the risks. EMILY ROSS asks the experts how businesses can safeguard against white-collar crime.

By Emily Ross

Employee fraud costs Australian businesses $18 billion a year and no business can afford to ignore the risks. We ask the experts how businesses can safeguard against white-collar crime.

White-collar fraud is alive and well. And 2008 is proving to be another year of catching out employees who find ways to filter funds. 

Some of the latest crooks caught in the act include:

• Rogue trader Jerome Kerviel who cost French bank Société Generale a record $8.2 billion through unauthorised trades.
• Senior staff at RailCorp in New South Wales allegedly defrauded the business of at least $20 million.
• A St George Bank employee has been charged with defrauding the bank of $1.4 million over eight years.
• A McDonald’s drive-thru employee in California has been arrested for double-swiping customers’ ATM cards and pocketing the cash.
• On 7 May a former North Melbourne AFL premiership footballer went on trial in the Victorian County Court charged with 31 counts of conspiracy to defraud Victoria University of $1.1 million through false maintenance contracts.

In Australia, law firm Hunt & Hunt estimates that employee fraud in Australia costs $18 billion annually. “It’s mind-boggling just how creative these people can be,” says entrepreneur Sheilah Etheridge, owner of US-based specialist firm SME Management. Etheridge does “clean up” work for companies whose accounting practices go awry. She also performs audits dealing in financial crimes. “There are many things an employer can do, but very few follow through on it,” she says.

The simple truth is that too many businesses rely on trust. Audit principal with WHK Horwath Peter Sexton “prefers accounting systems that do not require trust”. In his line of work, Sexton sees what can happen to a business with a criminal on board.

One of Sexton’s cases involved the CEO of a subsidiary of a large company setting up his own personal side company to source equipment, which was then sold at a significant mark-up to the subsidiary he managed on behalf of the parent company.

“He pocketed approximately $16 million over several years,” says Sexton. He was caught by the CFO of the parent company through an ASIC search on the company supplying the equipment to the subsidiary. Bingo.

According to KPMG Forensic, the typical white-collar criminal is a trusted male executive, commits the fraud alone, and works in the finance department.

Recently Sexton has seen a rise in expense payment fraud, in particular electronic funds transfer (EFT) fraud. “I suspect some accounts payable clerks have seen how easy it is to substitute their own bank account details into a list of payments ready for authorisation,” he says. “The authorising officer, presented with a long list of payments, has no way of knowing if the bank account numbers are correct.”

Who is going to know if that petrol/restaurant bill was for work or a night out with mates?

Gambling is a key motivator of white-collar theft, especially in finance departments. “It is the biggest motive by far,” says Sexton. “Women spend it at the pokies, men tend to bet on the horses.” Other classic motivations for staff to commit fraud include financial stress, drug habits, feeling underpaid and the sense that the company won’t notice what goes missing.

Once dodgy employees start stealing and they don’t get caught, the theft tends to escalate. Stealing assets, corruption and fake statements such as quotations and invoices are the major categories of employee fraud.

Fraudulent staff can create false invoices for the company to pay. With software, a quality printer and insider knowledge it is not hard for fake invoices to be drawn up on authentic-looking letterhead.

These tricks are hard for auditors to trace. “Auditors will only pick up blatant fraud,” says Sexton. “Clever people are good at covering their tracks, which is why investigations need to carry out tasks such as having cheques returned from the bank to see where the funds end up.”

Cost is a big deterrent for employers wanting to investigate fraud. According to Etheridge, many companies “feel that they have already lost enough and chances of prosecution are slim, so they (don’t want to risk) spending more to determine how much was taken or what method was used to embezzle. That is a huge mistake.”

The typical reaction is to fire the offender and close the book on the case. It can be embarrassing to admit this has happened to staff, clients, banks and other suppliers.

Smaller businesses become more vulnerable to theft and abuse because of the lack of resources to keep check on operations. In these circumstances it is important to keep close watch. Says Sexton: “If a CEO or director of a small business is unable to regularly authorise payments before they occur, then they should review the list of payments made as soon as possible thereafter. It’s about maintaining a culture of control.”

The chief executive/director should be reviewing other things as well, such as weekly bank reconciliations and monthly accounts, and should be asking penetrating questions of their bookkeepers to ensure they both understand the accounting results. “In my experience I have not found evidence of fraud where a culture of control is noticeably in place,” says Sexton.

Founder of design consultancy Sweet Design, Fiona Sweet, has lived through every small business owner’s nightmare. She hired a production manager for her business who appeared to be “terrific and efficient”. Trust was established and Sweet says she “believed her lock, stock and barrel.”

When Sweet’s regular bookkeeper fell ill, her production manager suggested a friend to help out with accounts. Things were running smoothly so Sweet stepped back and let the bookkeeper and the production manager get on with their work.

“I started pulling back from that [financial] side of the business,” says Sweet. For the next two years, the employee stole thousands from the business – “well into five figures”, says Sweet.

She carefully drained funds from business accounts, supplied false invoices to accounts, tampered with accounting records to increase her salary, claimed personal expenses by allocating the costs to Sweet Design jobs, organised hire-purchase of a television for her home through the company, and even asked her boss to pay off a couch as her “credit card was broken”.

The production manager was caught out, as many are, when she went on holidays. “I found a cheque that had been put into her account,” says Sweet. When the production manager returned from holiday she was met by Sweet, her lawyer and her accountant. She admitted to certain offences and was escorted from the building to the local police station.

It took two years to catch this thief. There were “hundreds of clues” before Sweet finally twigged that things were bad. Instead of being suspicious, Sweet thought she just needed to work harder.

The decision to offload the accounting side of the business cost her a lot more than money. “It’s not just the money you lose, it is the cost of a well-paid employee not doing their job,” she says.

Losses include clients not being managed properly, even losing clients, having to change bank accounts, locks, passwords. It took “a lot of cups of tea” with clients to smooth things over.

Rest assured, Sweet now checks every aspect of company finances. She has found a new production manager, “an old friend” and the business is thriving. “It has taken a long time to recover,” she says.

Anti-fraud checklist

Create a culture of control: Accept that it is possible that every employee could commit fraud. If the company will not tolerate theft, it needs to continually perform checks and measures.

Introduce a fraud policy: Communicate it clearly throughout the organisation; it must include what employees can do if they suspect fraud within the business.

Don’t leave important financial tasks to one person (such as bank deposits and reconciliations): Make sure two or more people are involved so as to ensure proper control. For example, the person who does the bookkeeping and prepares cheques or EFT advices for payment, should not also be the one authorising those payments.

Ask a lot of questions: Check the authenticity of suspect invoices and keep original invoices on file. Require two signatures of cheques for more than an agreed amount.

Keep many eyes peeled: Encourage staff to come forward to anonymously report any suspicious activity. Hire external auditors. “It only takes a few hours per month and prevents a lot of theft,” says Etheridge. Spot check details of payments with a master list of supplier bank account numbers which should kept secure but accessible. Use software to cross check payments and staff bank accounts. Business owners and chief executives not around to sign all the cheques need to return and review cheques signed while they were away.

Look at processes: Sick pay is another fraudulent activity. Make sure that employees know that a medical certificate is required for a sick day. Do not sign cheques for new suppliers without verifying their authenticity and association with the company. Ensure “soft” expenses such as marketing, advertising and consulting are rigorously crosschecked. Never pre-sign cheques.

Structural shakiness: Try job rotation. After the accounts department, upper management and executive-level employees are the ones to keep the closest eye on. Make sure all staff take their required holidays per year. “Trusted employees” who never take holidays and work late are prime suspects.

Read more on fraud