Key Components of a Fraud Risk Prevention Policy

By Mark Lowers,

fraud prevention

Preventing organizational fraud demands systematic planning and implementation. This entire process, from inception and assessment to performance evaluation is complex, even in smaller organizations. Yet, the payoff for the effort can be huge.

In this post, we offer an overview of the elements of a fraud prevention program that would be useful in any organization. Summarized from, Managing the Business Risk of Fraud: A Practical Guide, produced by a consortium of associations, the guidelines point to specific steps managers can take to implement an effective fraud prevention program. … Continue reading

Lessons in Occupational Fraud and Fraud Prevention

By Mark Lowers,

Occupational fraud is a huge drain on organizations’ resources, costing an estimated global loss of $3.7 trillion dollars annually. And according to the Association of Certified Fraud Examiner’s (ACFE) 2014 study, just 14% of defrauded organizations are able to fully recover their losses.

Fraud is a very real threat to the bottom line of almost every organization in our economy. But it can be prevented, or at least mitigated.

There are 3 steps in setting up a fraud prevention program in your organization:

  1. Understand what fraud is and how it is likely to emerge.
  2. Identify potential sources of fraud in your organizations.
  3. Take steps to prevent fraud through processes or controls.

Ultimately, a healthy anti-fraud corporate culture that permeates from the top down will make your organization more crime resistant. This will take time to nurture, and it will take continuous effort to sustain, but in the end you can make occupational fraud an extinct disease in your workplace.

… Continue reading

How Does a Finance Director Steal $800K?

By Mark Lowers,

stolen funds

The short answer is that it is much too easy if basic controls are missing.

Cincinnati.com summarizes the missing controls in the case of Covington, Kentucky’s former Finance Director Bob Due in the lead paragraph of the story:

The city of Covington gave complete control over millions of taxpayers’ dollars to one man for more than a decade – an “inexcusable” error that resulted in nearly $800,000 embezzled, the Kentucky auditor said.

This is a classic story about an opportunist who defrauded his employer of almost a million dollars, yet avoided detection for years until he made a mistake in the summer of 2013. All of this loss could have been prevented with standard controls.

Going Solo

For 13 years, Bob Due was able to take money from the city right under the noses of four different mayors and four city managers. All told, he wrote 68 checks to himself, relatives, or fake vendors. In the aftermath, the audit revealed a slew of red flags that should have signaled danger:

  • Mr. Due was the IT system administrator with control of financial software, with no oversight.
  • General IT security was inadequate, with Due as system administrator.
  • Payables procedures were lax, such as the lack of a check register to compare beginning and ending check numbers.
  • The Finance Department had no written policies for revenue and collection.
  • The city did not have a credit card policy or track issued cards.

As Auditor Edelen put it, “What we have here is a breakdown in oversight. Mr. Due did not have a boss.” … Continue reading

Protecting Against Ghost Employee Fraud

By Mark Lowers,

fraud perpetrators

Payroll fraud accounts for about 9.3% of occupational fraud at a cost of over $300 million per year across all types of organizations. One of the most common forms of payroll fraud is the use of “ghost employees” to divert money to fraudulent identities. Like all organizational frauds, this is a hidden crime that can best be prevented by controls designed to expose all payroll transactions.

The Ghost in the Payroll Machine

A “ghost employee” exists only as an identity in payroll records, although the ghost may be a real person who does not actually work for the company. The ghost employee scam is only successful if the perpetrator has unmonitored access to company systems, so it is typically an inside job. The scheme works if:

  • The ghost identity can be added to payroll records.
  • The system has to be set up to make payments to the ghost, either for false time and/or wages, or for other types of payments, e.g., expense reimbursements.
  • Payments made to the ghost must be concealed, especially from existing controls.
  • Actual disbursement – the point of the fraud – occurs.  … Continue reading

The Changing Culture of Risk

By Lowers & Associates,

occupational fraud

There are a couple trends in our current society that lead many to believe that risks from human capital are on the rise. You might refer to this as the “cultural context of risk.”[i] If indeed human capital risks are on the rise it makes sense that C-suites have a greater obligation to take action to identify, assess, and act to mitigate the risks they face.

One trend is exemplified in the increasing incidence of occupational fraud (see our graphic summary of fraud). The most worrisome aspect of this is that it may reflect a change in our culture toward less personal honesty or restraint – sociologists would refer to this as a decline in “social control” as opposed to the formal control of law enforcement. If this is true, employers face a permanently more difficult challenge in finding employees they can trust to work for the good of the organization.

The second trend may actually be part of a social response to the failure of social control. In place of allowing organizations to control their own behaviors, government has adopted some increasingly stringent regulations ranging from SOX, to the Fair Credit Reporting Act, to the Consumer Finance Protection Bureau. These legal controls create a rigid, maybe brittle, operating environment that exposes organizations to much higher risk for specific kinds of employee-based failures. … Continue reading