Skip to content

Unacknowledged Fraud Risks in Small and Midsize Businesses

July 30, 2012

I claim that most small and midsize business owners either don’t understand or don’t acknowledge their fraud risks.

The difficulty, however, lies in justifying that claim.

First of all, the published statistics for workplace (or “occupational”) fraud are educated guesses, and honest publishers of those statistics will state that up front.   So there is certainly no hard basis for making the claim.

Secondly, small and midsize business owners are generally loathe to think about workplace fraud.  Retail store owners can be the exception, though their concerns are likely related to to the types of fraud that they can “see” or measure:  shrinkage, inventory loss, hands-in-the-register, cash that never makes it to the register, etc.

Reported frauds tell a very different story.  Small and midsize businesses reported frauds are often cash frauds committed by back-office employees.  The owners and executives of the victimized companies didn’t actually “see” the theft until thousands (and occasionally millions) were gone and nearly unrecoverable.  Back-office cash theft can be virtually invisible while it’s happening.

But fraud reports do not make for accurate statistics.  So I’ve taken a different approach to sensitizing business owners to the risk.

I often speak to groups of owners and executives.  I recently made a presentation to a group of small and midsize business owners that was sponsored by the Middlesex Savings Bank.  I began by asking the attendees how many of them personally knew of a business that had been defrauded of over $10,000.  Over 50% of the attendees raised their hand.  That’s typical of every group I speak to.

I then asked the attendees how many of them personally knew of a business that had suffered over $10,000 in fire damage.  About 25% of the attendees raised their hand.

Finally I noted that in all likelihood the business’ insurance paid for most of the fire damage; that’s what insurance is there for.  But in all likelihood the business’ insurance did not cover a single dime of the theft.  Not one red cent.

So let’s summarize the apparently “illogical” situation.  Businesses help mitigate the risk of fire loss by purchasing protection from an insurer.  But even though the risk of fraud damage appears to be greater than the risk of fire damage small and midsize business owners rarely carry fraud insurance.  What’s wrong with this picture?

That’s a tough question to answer.  Certainly the insurance costs have some influence.  But my guess is that pride and trust also affect the decision.

I’m not saying that businesses should always carry fraud protection insurance.  But I believe that all business owners should at minimum identify their fraud risks just as their insurance agent identifies their fire risk.  Owners will need help to do this; they simply don’t know enough about workplace fraud to make such an assessment on their own.  Regardless of whether or not they decide to take action to reduce their fraud risk, a failure to even assess the risk seems rather short-sighted, doesn’t it?

a

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

Anti-Fraud Controls Should Include Accessing the Books

April 13, 2012

TraceTech Solutions, LLC helps small and mid-size business owners to protect their organizations against the most-common back-office cash frauds.  Over the years we’ve developed a small but simple and strategic list of financial controls that we feel all our clients should implement to defend themselves against these schemes.

The list contains well-known controls gathered from and repeated in many sources.  It had been static for about a year.  But we recently added a new control to the list.  One borne from experience.

Here’s how it happened:

Several months ago we were engaged by a professional to do some investigatory work.  He suspected that his bookkeeper had been dishonest.

He owned two businesses.  His bookkeeper had set up separate QuickBooks files for each.  We investigated one of those files.  It became clear that over the last several years the bookkeeper had been giving herself  “unauthorized raises”.  Our client quickly terminated the bookkeeper’s employment.

Since we had only investigated one of the two files, we recommended that our client also look at the other file for suspicious activity.

He called us back a couple of days later with some surprising news.

He couldn’t open the other QuickBooks file.  At some point, perhaps even years ago, the bookkeeper had changed the password – without telling him, of course.

It’s now been several months since we ended our investigation.  To this day, he has been unable to view the other business’ books.

As a result of that incident we  now recommend that our clients and prospective clients personally open each set of electronic books quarterly – just to make certain they can still get in.

It’s a simple control.  It requires about one minute of time every quarter.  If they find that they can’t open the file they need to remedy the problem asap.  Once they open the file they should check the numbers and satisfy themselves that the password change was an innocent oversight on their or the bookkeeper’s part.

a

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

Are My Financial Controls Working?

April 1, 2012

It’s habit.  Whenever she exits her apartment, my 88-year-old mother-in-law locks the door then turns the handle to see if the door is indeed locked.  She could teach many business executives something about financial controls that probably never occurred to them.

First consider financial controls themselves.  Organizations implement financial controls to protect their assets.  There are basically two types of financial controls: those that are designed and implemented so that good things happen, and those that are designed and implemented to prevent bad things from happening – or at least detect a bad thing before much damage is done.

All enterprises, even single owner enterprises, have financial controls.  The success of those controls depends on many factors including but not limited to the “tone” of the organization, its internal and external financial expertise, the structure of the organization and the skills and personnel that make up the organization.

That being said, no organization I know of has a perfect set of controls.  Controls deal with processes and people.  As processes, the effectiveness of controls is far more predictable than the people who implement those controls.  When the need arises and the opportunity presents itself, even the most trusted employee can be tempted to eliminate their perceived “pain” by circumventing controls and concealing a theft from managers, executives, accountants and auditors.

The one and only way to determine, then, if financial controls are working as intended is to test them.  Here’s where my mother-in-law’s behavior comes into play.  She not only implements a control (by locking the door) she also tests the control (by making certain that the door is locked).

Unfortunately, testing financial controls is usually more difficult than implementing them.  Many key financial controls are transaction-oriented.  Testing those controls requires examining a significant number (ideally all) of transactions.  Manual procedures cannot possibly look at a large enough sample of transactions to determine if a control is working properly.  But technology can examine more transactions in a minute than manual procedures can examine in month.  Technology is not a perfect testing solution but it’s more cost-effective than any other.  For additional information, just contact us through this website.

a

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

Background Checks on Prospective Accounting Employees

March 22, 2012

Dateline: January 30, 2012

Headline (NY Times): “In Million-Dollar Theft Case, Church Worker With a Secret Past”.

Summary: A 67-year-old accounts payable clerk for the New York archdiocese has been indicted for embezzling $1,000,000 from the church.  According to prosecutors and auditors, the embezzling had been going on for seven years.    The accused clerk prayed and volunteered often.   She had gained the complete trust of the staff.  And if the church had done a background check before hiring her in June, 2003, they would have discovered that she had been convicted of grand larceny in one case and had pleaded guilty to a misdemeanor in another.

A background check on an A/P clerk?  Yes.  Along with background checks for any other position that receives, disburses or manages large sums of the organization’s money.  That includes accounts receivable clerks, bookkeepers, controllers and CFOs.  Depending on the organization and the responsibilities of the various administrative employees it might also include office managers, secretaries, receptionists and anyone at all who will have access to blank checks, checking accounts, credit cards, payroll and/or significant sums of cash.  The blogs on this site detail dozens of frauds perpetrated by employees in these roles.

Background checks aren’t’ perfect.  They uncover “problematic” information only if a “problem” has been reported.  Many problems are never reported.  But the red flags that the checks do turn up can literally save a business.

David Sawyer, President of Safer Places, Inc., in Middleboro, MA (www.saferplacesinc.com), recommends that prior to making an offer to any candidate for these types of positions, prospective employers should at minimum:

  • start with a name & address history search so as to know where to look for criminal records and what names to search under (records are not filed by Social Security number)
  • search the courts in all jurisdictions where the candidate has resided for the past 10 years (minimum)
  • check the candidate’s credit history
  • search a national criminal history database and check sex offender registries in all 50 states

Some positions may warrant additional searches.  A search specialist like Dave will help hiring executives to understand the types of checks that will make the most sense.

a

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

A Tale of “Trust but Verify”

February 26, 2012

TraceTech Solutions was founded upon the phrase “Trust but Verify”.  After six years at an accounting firm it became clear to me that neither owners nor accountants have the time or the tools to verify a business’ books.  So it’s never done, a fact that allows bookkeeping errors – both unintentional and intentional – to go unnoticed.

The unintentional errors usually do little harm but they may be an indication that controls should be tightened.  The intentional ones…that’s another story.

An attorney first introduced the phrase “Trust but Verify” to me many years ago.  It was, he said, the motto of any good attorney.  He practiced “Trust but Verify” internally by personally signing every single check issued by his office and personally reconciling every single bank statement.

The attorney called me a few weeks ago.  It seems that despite his vigilance his verification efforts weren’t enough.  He had discovered that his trusted paralegal, in his employ for eighteen years, had over the past two years circumvented his verification controls and pilfered $20,000 using a check fraud scheme he couldn’t have even imagined.

Hypothetically he inquired whether TraceTech’s methods could have spotted the theft earlier.  I had to tell him that the scheme his paralegal used is not unusual…and its’ one that TraceTech always checks for.  But that will be the subject of another blog.

Sadly, every “incident” like the one above is the work of a person or persons that the business trusted.  That’s a hard fact for any business owner to swallow.  “Trust but Verify” is an integral part of any business, though.  From reading reports and plans to examining work at a job site, “Trust but Verify” moves organizations forward.  TraceTech Solutions has simply applied the concept to an area where Trust has been traditionally been bestowed but Verification has traditionally been difficult to obtain.  Times have changed…

a

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

Lessons from a Chinese Restaurant

January 24, 2012

Yesterday my wife and I dined at our favorite Chinese restaurant.  We love the establishment.  Nearly everything on the menu is cooked in a dish-specific sauce.  The food presentation is lovely.  The wait staff are pleasant.  And once a week the restaurant stocks a dinner buffet that’s to die for.  The lines can get a little long but the food is worth the wait.  The buffet includes about twenty dishes and although a few dishes appear week after week the rest of the buffet dishes vary from week to week.  My wife and I try to get there at least once a month.

And yesterday, for the first time I noticed that the owners had set up a hand-sanitizer dispenser immediately inside the front door.  Perhaps the owners placed it there a while ago and I never paid attention to it.  But that doesn’t matter.  Its presence got me to thinking about being cautious.  That’s exactly what the owners were doing: being cautious.

After being seated and having finished a cup of hot and sour soup I approached the buffet and for the first time really “noticed” the clear cough shields just above the food trays.  They’ve been there as long as I’ve been going to this restaurant but it was another reminder of the precautions the owners had taken (although in this case the precautions were likely mandated by the board of health).

Then, as I left the buffet area with a plateful of food I grabbed a pair of chopsticks as I always do.  And for the first time really “noticed” that Chinese restaurants no longer wash and reuse chopsticks as they do with flatware.  Now all chopsticks are individually wrapped, used by one and only one customer and then disposed of.  Although this, too, may be mandated it’s just another sign of the precautions taken by restaurants to protect the health and well-being of their clients.

“Caution” is also an important word when dealing with a business’ financials.  TraceTech Solutions, LLC was formed to provide business owners with a precautionary option that had never been available.  TraceTech provides a second pair of eyes on a business’ books.  We leverage the power of IT to look for nearly-inevitable bookkeeping errors and the occasional possibility of theft.

TraceTech doesn’t believe that most bookkeepers intentionally make bookkeeping errors.  But the fact is that bookkeeping is a manual, detail-oriented task often performed by multi-tasking administrators.  Errors creep into books and sometimes never come out.  Errors that can skew financials reports.  Errors that can stymie people who try to make sense of the numbers.

And then, occasionally a dishonest bookkeeper will intentionally enter errors.  Or enter valid but fraudulent transactions.  The results can range from mildly annoying to catastrophic.

Either way, the operative word for owners is “caution”.   This blog site has always provided its readers with simple and effective precautionary tools that can reduce the risk of financial theft and reporting error.   We encourage our readers to learn from our past blog posts.  A little caution can go a long, long way to saving a business.

a

Start from the most-recent blog post here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

TraceTech Solutions provides small businesses with unique, low-cost financial books monitoring services.  Learn more about TraceTech’s services here: TraceTech Solutions website.

How Heavy is a Ghost?

December 2, 2011

Last week a sales executive I know contacted me and asked if might be able to substitute for her at an upcoming networking group meeting.

Networking groups (for those who don’t know about them) are forums for businessmen and businesswomen to get to know each other and exchange ideas and referrals. In one segment of a typical networking group meeting every attendee has the floor for one or two minutes to tell the other group members about the product or service that they provide to their customers and clients.

Anyway, after I told Meaghan that I’d gladly represent her at the meeting she sent me the text of the message that she wanted to pass on to the group. Part of the message was that her employer, Solex Payroll (www.solexpayroll.com), can typically slash a business’ payroll costs by 30%-50%.

Believe it or not, the statement made me jealous – just because it contained a real, honest-to-goodness, verifiable statistic.   A statistic that Solex Payroll could back up if asked.

I wish I were that lucky.  No one, and I mean NO ONE, has any reliable statistics about workplace fraud.

Not that statisticians haven’t tried.  There are, in fact, published statistics about workplace fraud.  But all of those statistics are based on reported fraud losses.  The “gotcha” is that no one knows the percentage of workplace frauds that aren‘t reported.  Worse: investigations that uncover workplace fraud may fail to uncover all the schemes that are being used.  And worse still: investigations that do not uncover fraud may miss frauds that are actually there.

So trying to determine the scope of the workplace fraud problem is akin to trying to weigh a ghost.  In order to measure something you need to be able to “encapsulate” it.  That can’t be done with workplace fraud.

Statistics can send a powerful message, though.  So when I address a large group I always have the group generate  “local” statistics about workplace fraud.  It usually opens a lot of eyes and drops a lot of jaws.

A few months ago, for example, I presented a workplace fraud webinar to B2B CFO, a nationwide organization of part-time CFOs (www.b2bcfo.com).  Prior to the webinar I had asked the members about their personal experiences with workplace fraud.  I presented the results of this informal survey in the first few webinar slides.  Here they are:

  • 57% of responders personally knew a business that had been defrauded of over $20,000
  • 66% of the known perpetrators were either executives or on the accounting staff
  • 61% of the known perpetrators had been with the business for three or more years
  • 65% of the responders felt that the losses were either “major” or had seriously impacted the business

As I pointed out the to the attendees, as shocking as the results seem these numbers are typical for groups that I speak to.

So how much does the ghost weigh?  Darned if I know.  But it’s probably heavier than most business executives believe.  And ignoring the ghost can come back and haunt you.

a

The TraceTech Solutions’ blog specializes in articles that discuss actual small-business frauds and what small-business owners can do to prevent them.  Start from the most-recent article here: TraceTech Solutions’ Blog. We publish new articles frequently.  If you’d like to receive a new article the instant that it’s published, click on the Subscription link in the upper right part of this page.

TraceTech Solutions, LLC provides small businesses with unique low-cost fraud monitoring and detection services.  Learn more about TraceTech Solutions’ services here: TraceTech Solutions website.