Common Fraud Red Flags
â€śI Should Have Known!â€ť
When you hear the news that someone was just arrested for committing fraud at their work, it is usually accompanied by fellow employees or managers saying one of two things. Either, â€śI never thought they were capable of stealingâ€ť or â€śI should have seen it coming.â€ť Why do employers say that they â€śshould have knownâ€ť and how exactly is it that they should have known? In my experience, there are some common characteristics of people who perpetrate a fraud. And if business owners are aware and vigilant about their business, they might never have to say, â€śI should have known.â€ť
When you hear the news that someone was just arrested for committing fraud at their work, it is usually accompanied by fellow employees or managers saying one of two things.Â Either, â€śI never thought they were capable of stealingâ€ť or â€śI should have seen it coming.â€ťÂ Why do employers sayÂ that they â€śshould have knownâ€ť and how exactly is it that they should have known? Â In my experience, there are some common characteristics of people who perpetrate a fraud.Â And if business owners are aware and vigilant about their business, they might never have to say, â€śI should have known.â€ť
First, business owners need to understand how a fraud can occur.Â The four common elements needed to perpetrate a fraud are: opportunity, rationalization, pressure, and capability.
- Opportunityâ€”The individual has to have the ability to abscond with assets or manipulate financial statements and go undetected. Generally, this happens because of inadequate or ineffective internal controls.
- Rationalizationâ€”Most people cannot rationalize taking money from their employer, but a fraudster creates a justification for their actions (e.g., they do not pay me enough, my child is ill, etc.).
- Pressureâ€”There is a reason why the individual needs the money. For example, maintaining an addiction, an illness, or a need for extra cash due to living beyond oneâ€™s means.
- Capabilityâ€”Perpetrating a fraud is not easy and someone who successfully does so has to be clever enough to pull it off.
Simply because the above elements are present does not guarantee a fraud will occur; however, when you do hear of a fraud, it is likely that some or all of the elements were present in those situations.
Adequately functioning internal controls (both preventative and detective) are the best way to prevent fraud. Â At the same time, an owner or manager can be mindful of telltale signs.Â Below are four common red flags as they relate to individuals that have perpetrated a fraud.Â If someone in your organization exhibits these red flags, you might consider how to mitigate those risks.Â This list is not intended to be looked at as all-encompassing or predictive of fraud, but these are the four most common red flags that we see during fraud investigations.
Employee with Longevity and Increasing Level of Trust
Employees that have been with the company for a long time typically understand how the company works and the procedures or controls; as well as how to circumvent those controls. Â As well, owners tend to trust employees with longevity and relax controls as a result. Â To mitigate this risk, companies should update, review and evaluate their controls regularly and require all employees, regardless of tenure, follow procedures.
I investigated a retail store where the manager stole over $350,000 in cash over five years.Â She was able to do this because as she was promoted (she started out as a cashier), she was given more and more responsibilities and trust, and since she had been around for several years, she knew all the processes as well.
Employee that Does Not Take Vacations
Employers often look favorably at employees who do not take vacations, seeing them as â€śhard workers.â€ťÂ However, in fraud situations, the individual perpetrating the fraud is generally not taking time off to avoid being discovered.Â Watching for irregular work patterns, too, can be telling (e.g., someone never misses a Thursday payday). Â Requiring employees to take vacations, specifically taking a single-extended period of time off, can help mitigate this risk.
In one case, I investigated a bookkeeper who never took vacations and stole $275,000 from her employer in just a couple of years.Â She was perceived as a hard and dedicated worker, but the reason she never took a vacation was not because she loved her work or wanted to put in that extra effort.Â This employee had several responsibilities (which is an area I discuss below) and one of her responsibilities included sending out invoices and statements.Â One of the companyâ€™s customers received incentives in the form of gift cards.Â Her company thought they were very diligent in tracking these gift cards; they even added the amount of incentives to each invoice.Â What the company did not know was that this employee was simply removing that line with whiteout, sending the invoices and keeping the gift cards.Â She was eventually caught when her car broke down and she was not able to make it to the office until late in the afternoon.Â When she got there, she was informed by the CFO that he just sent out the invoices to help her out. Â She came clean immediately and told the CFO what she had been doing; not too long after, the customer called wondering about â€śthose incentivesâ€ť on their invoice.
This is not only the case for people that do not take vacations at all, but someone who might take only a day or two off here and there.Â Another instance I investigated was a CFO who took vacations only early in the week.Â He would take a Monday and Tuesday off, but never took any vacation lasting longer than that.Â This again was looked at as someone that was a great team player, someone who sacrificed their vacation time for the good of the business.Â The truth was, the CFO could not risk being gone for any length of time because if someone opened up the mail, they might realize he had not been paying bills; he had been racking up credit card debt on personal items and he opened a new company credit card without informing or asking anyone.
Single Employee in Charge of Several Processes
For smaller businesses, it is challenging to have appropriate segregation of duties due to fewer employees; as a result, smaller companies must be creative about segregating duties.Â Having an owner, CEO or a non-accounting department individual open the mail and log in payments or invoices received is an effective, easy-to-implement control that can go a long way.
The CFO above who was not paying bills timely and opening credit cards without anyone knowing, opened and controlled all of the mail.Â The CEO was none the wiser when their bank mailed out usernames and passwords (in separate envelopes of course) for the CEO and CFO.Â Each user was set up to have different access and approval rights.Â The CEO was able to approve wire transfers but the CFO was not.Â By opening the mail, the CFO was able to obtain the CEOâ€™s username and password and approve the wire transfers he correctly created under his username.Â Small business, especially, can benefit from minor adjustments to processes that result in more effective internal controls.
Lifestyle Exceeding their Rate of Pay
One of the most obvious, and yet often overlooked, red flags of fraud is someone living beyond their means.Â When a staff accountant pulls up to the office one day in a brand new Porsche, people tend to assume that his spouse/family must have a lot of money.Â As an employer, being sensitive to disconnects between an employeeâ€™s lifestyle and rate of pay (and potentially coupled with other red flags) can sometimes determine if additional investigation is necessary.
One case I worked on involved an attorney who had a large house, expensive cars, an expensive wine collectionâ€”the whole nine yards.Â I was always told that he was never working, he was always home or hanging out at the country club.Â Everyone just assumed his wife had a lot of money, or that he had one big case that permitted him to seemingly take years off and still afford all his luxuries.Â When it was in the newspapers that he was stealing from clients, nobody seemed that surprised.
As consultants and business advisors, the more we work with our clients and teach them how to spot these red flags, the less we have to worry about hearing, â€śI should have seen it comingâ€ť from our clients.
Paul M. Fullerman, CPA, CVA is Manager of GBQ, LLCâ€™s Forensic & Dispute Advisory Services. His broad range of experience has taught him to appreciate a variety of industries and companiesâ€”which serves him well at GBQ. After beginning his decade-long accounting career learning the ropes in a one-man shop, Mr. Fullerman completed his internship at a major corporation and has worked for more than eight years in public accounting for several CPA firms. He is a graduate of Lake Erie College and is active with the following professional associations: American Institute of Certified Public Accountants; National Association of Certified Valuators and Analysts; The Ohio Society of Certified Public Accountants.
Mr. Fullerman can be contacted at (614) 947-5320 or by e-mail to PFullerman@gbq.com.