How Trusted Employees Commit Fraud

Many small businesses are family-owned and operated with employees that have been with the company for years. Manager oversight can become lax. Staff and co-workers are like "family," or they may actually be family. Long-term employees are trusted. But it is when owners and managers don’t maintain proper controls over their processes that those closest to them may commit fraud. Following are two actual cases of fraud to illustrate the criticality of having and enforcing controls.

Family business

Our first fraud case involves a small, family-owned tractor store, where two brothers owned the company, and their wives managed all accounting functions. When the two wives were ready to retire, one of the owner’s sons, James, took over as the bookkeeper. He performed all accounting functions to include accounts receivable, accounts payable, payroll, and bank reconciliations. As he was a trusted family member, there was no consideration given to oversee his work. He had a company credit card and the ability to sign checks. All of this power left the door of opportunity wide open for fraud to be committed.

James began small, by using the company credit card to buy personal items such as gas, dinners out, and clothes. But once he got his feet wet, his dishonesty continued to grow. His use of the company card for personal items increased in frequency and amount, but no one at the company noticed, as he was in charge of paying the credit card bills and reconciling all bank statements.

Soon James began embezzling from the company through payroll. Since he was also tasked with payroll processes, he simply began paying himself for excessive overtime hours that were not valid. For his next act, he began writing checks to himself. The actual checks were written to him, but on the check stubs that were kept on hand, he wrote names of legitimate recurring vendors. He keyed the same legitimate vendors’ names into the accounting system. Once the bank statements were received, he then altered the images of the checks on the statements to cover his name and his tracks.

The final piece of James’ fraud scheme involved opening a personal bank account at the same bank that the company used. There, he could easily transfer funds from the company’s account into his. This allowed him to not only pay the company’s credit card bill, but also pay off his new personal credit card that was opened at the same bank.
The end of James’ fraud scheme came when another family member, his cousin, was searching the online bank accounts for a cancelled check and ended up witnessing many company checks written to James and signed by James. Over the two-and-a-half-year scheme, James stole at least $60,000 from his father’s family-owned business, causing cash flow problems from which they are still recovering.

Small, family-owned businesses are not immune to fraud. Even the most trusted employees can be persuaded to commit fraud and steal from the company, given the opportunity. Owners and managers must maintain oversight of all financial transactions and utilize separation of duties where possible.

Fraud at the top

Fraud can also be committed at the top, by executives who have been trusted to help run the company or organization. Owners and managers must remain vigilant and have a second set of eyes on all financial processes. Putting all your trust into one person allows them the opportunity to commit fraud, should internal pressures ever push them to it.
In a large fraud case at a small business nicknamed the Fruitcake Fraud, the controller, Sandy, embezzled nearly $17 million in a span of nine years. The controller, as in our other case, started small by stealing from the bakery’s petty cash drawer. His fraud scheme quickly escalated when he couldn’t make payments on his new car. He wrote a company check—which the computer software automatically signed with the president’s name—to his bank to pay his car payment. He printed the check but voided that check number in the system. Then he printed a check to a legitimate vendor for the payment in the system, but never actually mailed the check to the vendor. This allowed the books to balance numerically.

Sandy created 888 fraudulent checks during his nine-year fraud scheme. He was given the ability to create invoices, write and "sign" checks with the president’s signature, and reconcile bank statements without a second set of eyes. Sandy and his wife enjoyed lavish vacations costing $3.3 million and purchased thirty-eight luxury vehicles during this time. Behaviors such as living beyond one’s means should have been a red flag to the owners and other executives at the company.

A key process that should remain in place in all small businesses is to review all voided checks and ensure that none of the voided checks have been processed. Additionally, the bank reconciliations should have been completed by someone other than Sandy. The lack of that control allowed the unauthorized checks to slip through the cracks.

Sandy’s fraud was discovered when a new accountant on the team noticed a check written to a bank that they had never done business with. She dug deeper and quickly found discrepancies in eleven voided checks. Sandy was charged, but the company only reclaimed about $5 million of the $17 million that he embezzled.

Key takeaways

As these cases demonstrate, small businesses are often more susceptible to fraud due to a lack of controls and segregation of duties. Adding just one more set of eyes to a process can make all the difference. One person should not have the ability to control the entire check-writing process, nor should only one person have the job of reconciling monthly bank statements.

Additionally, policies and procedures should require the physical maintenance of all voided checks. A list of voided checks should be reviewed and compared to physical checks and bank statements to ensure no voided checks in the system were processed. All checks should require a signature from someone other than the person writing the check. This is also true for electronic payments as the use of written checks is less frequent in today’s world. Oversight by a second set of eyes is key.

These frauds were committed by trusted employees and started out small, but quickly grew as the fraudsters became more comfortable stealing from their companies. Even the most trusted employees require oversight to keep them honest. It is easy for small, close-knit businesses to think "this could never happen to me," but fraud can truly occur anywhere. Preventing and deterring fraud is much easier than dealing with the aftermath.
If you would like more information about implementing controls to prevent and deter fraud in your business, R&A CPAs would be happy to help.