With all the buzz about cyberattacks and cyberthreats, it’s all too easy to take your eyes off of a common threat that is much closer to home—fraud that occurs within your own organization. While no business owner wants to think about embezzlement occurring within their own employee population, it can and does happen on a frequent basis.
Consistent with national trends, organizations with fewer than 100 employees are the primary targets. Additionally, there is an increase in financial crimes in which people are colluding with internal or external partners. Why? Cooperation increases their chances of success because collusion cases are more difficult to detect—perpetrators tend to be more creative than those who work solo. But, they can be exposed if organizations are diligent about curbing fraud and embezzlement.
Statistics show that companies that institute effective fraud policies experience a material reduction in financial losses should economic crimes occur. There are ways to reduce those losses, maximize earnings and save embarrassment. The following questions and answers serve as a starting point to begin thinking about what your company needs to do to either reinforce or put in place a strong fraud prevention policy.
What should we be doing to prevent fraud?
One of the most effective ways a company can minimize risk is by continuously reviewing and testing internal controls. Even though many executives believe their company’s internal controls are adequate, that might not always be the case. The material discrepancies between what management thinks is in place versus what employees are actually doing can be significant. That explains why constantly reviewing internal controls is a major deterrent to fraud and embezzlement.
Organizations should also educate their employees and vendors about what is expected of them regarding fraud and implement a fraud hotline outside the company through which employees and vendors can anonymously report real or perceived fraudulent activity. This hotline can be tied in with the American Institute of Certified Fraud Examiners (ACFE), local CPAs or law firms, or a multitude of other sources. The hotline should not be tied directly to company sources, though, because the people receiving the fraud alerts might be involved in the fraud.
Another step is to implement and enforce fraud policies. A surprising number of organizations have such policies in place but do not enforce them. Also, providing economic incentives to employees to encourage them to report fraud is helpful, as is the willingness to follow up on tips. Often managers will dismiss tips as hearsay and find out after they have been victimized that they were accurate. That is too late to prevent their losses. A clearly written fraud policy can reduce the chances of that happening.
What is a fraud policy?
A fraud policy is a “thou shalt not steal” document that allows companies to communicate with their employees on the reporting procedures they should follow if they suspect that fraud is going on. It is important that the policy is written and signed on an annual basis by all employees, from the top down. It sets the tone by specifying that fraud will not be tolerated at any level of the workforce and lays out the consequences to employees.
All employees who sign the policy acknowledge that they have not perpetrated economic crimes and do not intend to in the future. The signed document is a valuable tool should they commit such a crime and fall back on an excuse like they were only “borrowing” the money, as unauthorized “borrowing” is a fraudulent act.
What makes up an effective fraud policy?
An effective fraud policy outlines specifically what constitutes fraud and explains what the consequences will be, e.g., perpetrators will be prosecuted and, of course, terminated, and the company will seek restitution. It should include what activities are considered inappropriate and provide examples of fraud, such as misappropriation of checks, paying personal bills with company funds or using company property without permission. Ideally, it should be disseminated to outside vendors and customers in light of the increase in collusion cases that involve people outside the companies. That makes outsiders aware of the company’s firm position on fraud and may lead to alerts from them about the occurrence of internal fraud.
Is it costly to implement an effective fraud policy?
No, but it’s money well spent. Some of the anti-fraud recommendations have a dollar tag associated with them. Others do not, since they are nothing more than changes to policies that are already in place. Setting up a “whistle-blower” program or a hotline is relatively inexpensive. There might be fees associated with steps like changing where customer deposits are sent. It might be advisable for small business owners to have their company’s bank statements sent to their houses. That way, they can personally monitor every check or wire transfer to make sure it is appropriate. About 85 percent of all fraud that occurs is done through checkbooks and cash. So, simple mechanisms like reconciling every bank statement or setting up a physical lockbox for cash can deter fraud.
Overall, the costs associated with instituting an effective fraud policy depend on how inclusive a company wishes to make it.
Do Embezzlers Have to Pay Taxes on the Funds They Steal?
While this last question may seem like a joke, failing to report – and pay income taxes – on stolen funds happens to be a criminal offense. Believe it or not, gains arising from illegal activities such as extortion, prostitution, gambling, illegal drug trafficking, embezzlement, and fraud are all taxable for federal income tax reporting purposes. Al Capone was convicted and sentenced to 11 years in prison in 1931 for failing to report the illegal income associated with the bootlegging of alcohol during Prohibition!
If someone steals from your business, which is a crime in itself, the perpetrator is also likely committing a second criminal offense of failing to report their theft income on their personal income tax returns. While you may think that such a charge is comical, it’s a very clear-cut case to prosecute once the theft of funds has been established. The IRS can be alerted of the illegal activity – even anonymously – by telephone, or by submitting Federal Form 3949 A.
Have a question about fraud or any business advisory services? Contact Aaron Waller, CPA by calling (334) 887-7022 or by leaving us a message below.