The CPA Journal

Preventing Employee Fraud by Minimizing Opportunity

By Thomas A. Buckhoff

As defined by the Association of Certified Fraud Examiners (www.cfenet.com), employee fraud entails the use of one’s occupation for personal gain through the deliberate misuse or theft of an employer’s assets or resources. Most businesses do not realize that employee fraud can be a serious threat to business profitability.

“Employee Fraud: Perpetrators and their Motivations” (Thomas A. Buckhoff, The CPA Journal, November 2001), used the “fraud triangle” to explain what motivates employees to commit fraud. Three essential elements are common to all types of fraud schemes: opportunity, pressure, and rationalization. Many employees are under financial pressure and lack personal integrity; consequently, where opportunity exists, fraud often occurs.

The best way to minimize the opportunity to commit fraud is to implement a good system of internal controls. The three primary objectives of internal controls are to:

An adequate internal control system should include the following four procedures:

Proper authorization and segregation of duties. The same employee should not perform more than one of the following job functions: authorization, execution, custody, and recording. The authorization function requires one employee to direct another employee to initiate and execute a transaction. The purchasing department then executes the transaction by placing an order for the requested materials with an approved vendor; a copy of the purchase order should go to the accounts payable and receiving departments. The items are delivered to the receiving department (a custody function), which, after verifying that the items had been ordered, should document their receipt and forward copies of the receiving documents to the accounts payable and purchasing departments. The vendor’s invoice is sent to the accounts payable department, which, after verifying that the invoiced items have been ordered and received, prepares a check and then adjusts the accounts payable records accordingly (a recording function). Finally, an authorized check-signer should review supporting documentation (e.g., a purchase order, receiving report, and vendor invoice) to make sure that paid invoices are for items that have been ordered and received. Once the authorized check-signer is satisfied that the supporting documentation is in order, she should both sign the check and control the mailing (a custody function).

An employee who possesses two or more of these functions has what are commonly called incompatible responsibilities or inadequate segregation of duties. Such a situation can provide employees with the opportunity to commit fraud.

Consider the following case study of John, a long-time project manager for ABC, a medium-sized construction company. John, had the responsibility to initiate purchase orders, an authorization function. Because materials were delivered directly to the job sites, John also verified that the materials had been received, a custody function. John had incompatible responsibilities that provided him with an opportunity to commit fraud that he then exploited. John simply created a fictitious (or shell) company called Specialty Supply Company. He then created bogus purchase orders (an authorization function) that were sent to a post office box John had set up for Specialty Supply Company. Using an Excel-generated invoice template, John then created bogus invoices and submitted them to ABC for payment.

John initialed the vendor invoices (a custody function) to confirm that the items had been received. A check was then prepared, signed, and mailed. John created a bank account in his own name doing business as Specialty Supply Company. John handwrote “Specialty Supply Company” on the backs of the vendor checks, then deposited them into the account. Over a three-year period, John stole $100,000 in this manner, and would have stolen more had the fraud not been detected through a tip from John’s wife.

John’s fraud could have been prevented by adequately segregating the job functions of authorization, execution, custody, and recording. Of course, employees possessing different functions can conspire together, but such situations are not the norm (80% of all frauds involve one person acting alone). Thus, the risk of fraud could be greatly reduced by adequately segregating job functions and making it very difficult for one person acting alone to perpetrate fraud.

Adequate documents and records. Documentation and records provide a paper trail that helps the company keep track of its assets, liabilities, and owners’ equity. Companies with poor systems for tracking their resources tend to be breeding grounds for fraud. Understandably, employees are less inclined to steal if evidence of the theft is readily available in the company’s documents and records.

Physical safeguards. Companies should protect physical assets and accounting records by limiting access by unauthorized personnel. Such safeguards include cash registers, locked storerooms, passwords, fireproof safes, and fences around storage lots. Properly implemented, these safeguards minimize the opportunity for misuse or theft of the company’s assets.

Independent checks. The notion underlying independent checks is that if employees know that their activities are being checked by others, the perceived opportunity to perpetrate fraud is reduced. For example, when an independent person (i.e., not a cashier) at a retail store compares the cash register tapes to the cash in the register and bank deposits, the manager is making sure that all cash rung into the cash register was deposited in the bank. Such independent checks not only guard against employee fraud but also uncover honest mistakes.

Few employees that steal expect to be caught and punished. Thus, an effective way to prevent fraud is to make employees think they will be caught and punished if they steal. Instilling this “perception of detection” in employees’ minds is the single most effective way to prevent fraudulent activity. Implementing and adhering to a good system of internal controls helps protect profits from fraud.