By Pete Miller, CPA, CFE
Fraud is a significant problem for organizations of all kinds, from publicly traded corporations to community-based not-for-profits. According to the 2012 Report to the Nations on Occupational Fraud and Abuse conducted by the Association of Certified Fraud Examiners (ACFE), 5% of annual global revenue is lost to fraud—and that only includes fraud that is discovered or reported.
Unfortunately, nobody is immune, and people in positions of trust are well-placed to commit the most damaging crimes. Few incidents feel worse than discovering a trusted leader, partner, or employee is stealing from the organization they are supposed to be supporting. Beyond the loss of money, confronting fraud is mentally and emotionally taxing, distracts from your core business, and can negatively impact your reputation if not handled correctly.
To minimize financial and operational damage, it’s important to stay calm and follow a step-by-step plan. Doing so will enable you to deal with fraud more efficiently and effectively. Based on Clark Nuber’s long history of successfully investigating fraud at companies of all sizes, we present ten simple steps you should take if you suspect fraud at your organization.
1. Don’t Panic
Let’s face it: fraud is scary. It can feel like the rug got pulled out from under you, and it can be tempting to act rashly—confronting the suspect or firing them on the spot. But these actions may do more harm than good. Instead, stay calm and act rationally. You need to make a plan, gather and analyze evidence, and do what’s best for your company, and you can’t do any of those things when you’re blinded by rage or emotion. Remember: although it’s not always painless, other companies have been victims of fraud and gotten through it. As long as you get the right team on your side and approach things step-by-step, there’s no reason you can’t do the same. Even if you are not currently dealing with a potential fraud, it’s still worthwhile to work with your legal and accounting professionals to develop a plan that lays out how you would deal with a suspected fraud if it does occur. It’s easier to do it beforehand rather than in the heat of the moment—and the plan is likely to be more rational and complete.
2. Do Something
As important as it is to not overreact when confronted with fraud, it’s equally critical not to under-react. When a trusted member of your team appears to be doing something wrong, it can be tempting to sweep things under the rug. The situation is awkward to say the least, and many people ignore the problem—sometimes for many years—thinking it will just go away. Except it doesn’t. Ignoring fraud tells perpetrators and would-be perpetrators that they are free to do as they wish without consequences. Trust us: ignoring fraud always makes it worse. However, never take employment-related action without having solid evidence on your side. Doing otherwise is begging for a wrongful termination lawsuit.
3. Be Discreet
At least at first. While some perpetrators are surprisingly brazen—especially those who feel they are entitled to what they are taking—most are paranoid and constantly looking for signs they have been detected. If the fraudster becomes aware that others know, he or she may try to destroy evidence or otherwise cover their tracks, which can make it difficult or impossible to prove wrongdoing or prevail in a court of law. That’s why you should do everything you can to avoid alerting them to your suspicions until you absolutely have to. A good certified fraud examiner (CFE) can usually find ways to investigate without being too obvious about it.
4. Lock Down Relevant Data
You should be backing up all of your financial information and company communications anyway. If you’re not, now is the time to start. If you don’t have copies of information stored on hard drives, find an IT consultant who can copy the suspect’s hard drive discreetly. Preserve all email communications. And, of course, keep pristine copies of all financial information: payroll, bookkeeping records, expense reports, and so on. People who commit fraud are frequently those with access to such records. Having too much information is better than not enough—your CFE will know where to look.
5. Prepare to Rehire
If fraud is discovered, the minimum consequence should be termination of the employee, meaning you will almost certainly have to fill their position. Fraud is often perpetrated by people in positions of trust, including managers and executives. Not only will finding a replacement for a high-level position be challenging, employees’ sense of shock and betrayal can make the transition even more challenging. Prepare for these possibilities early.
6. Defend Your Reputation
The trust of partners, customers, employees, and the public (and donors, in the case of not for profits) is an invaluable asset to any organization. If mishandled, fraud can have a negative impact on that trust. What matters is how you deal with it. If you attack the problem quickly and decisively, you will almost always suffer less reputational damage than if you let the problem slide and it gets discovered later. People will find out about what happened—make sure they know the truth, and make sure they know what your organization did to correct the problem.
7. Money isn’t Everything
The financial consequences of fraud can be severe, and few victims recover 100% of what was taken. Given inevitable losses, it can be tempting to pinch pennies in the investigation and prosecution of fraud. However, as painful as financial losses are, protecting your reputation and setting an example are as or more important in the long run. While hiring a CFE and a lawyer and implementing better internal controls may seem costly, they are an investment in prevention.
8. Set an Example
Once fraud is confirmed, you may have a choice of penalties. There are three basic levels of consequences for fraud: termination, a civil lawsuit, and criminal prosecution. We encourage clients to impose the severest penalty allowed by law—all three if possible. It may seem harsh, especially if the perpetrator is a formerly trusted employee or even a friend, but everyone in your organization needs to know there is zero tolerance for fraud. Otherwise, you risk encouraging other would-be perpetrators down the road, and that’s not in anyone’s interest.
9. Get help
Don’t try to handle fraud on your own. It’s fraught with legal and accounting issues. The first call you should make is to your attorney. The next call should be to a trusted accountant with experienced CFEs on staff such as Clark Nuber. CFEs know where to look for evidence of fraud, how to preserve that evidence, and, if necessary, how to explain it to judges, juries, and law enforcement officers. You will also need to get your insurance company involved if there is evidence that fraud has occurred. If you have an employee dishonesty policy in place you may have grounds for a claim under that policy and the ability to recover some of your losses.
10. Make Positive Changes
No matter what your situation, it’s never too early to take preventive measures against fraud. For one thing, it’s important to recognize the importance of internal controls. It’s tempting to trust external audits, but these are not designed to uncover fraud. The CFE study cited earlier shows that external audits are one of the less common ways of detecting fraud.
On the other hand, a tip from an employee, customer, or vendor is the most common way that fraud is discovered. And organizations with anonymous tip hotlines were more likely than others to catch fraud through a tip. Tip hotlines are not as expensive or complicated to set up as you might think, and they’re worth looking into.
If you decide to set up a tip hotline, it’s important to publicize it inside your organization—and not only so people can report fraud. Letting people know the hotline exists is part of a highly effective strategy referred to as “perception of detection.” It’s much harder to justify stealing from a company if the potential perpetrator knows the risk is high. Given that most fraudsters are not career criminals, they are likely to be receptive to deterrents. Two other policies that create the perception of detection are surprise audits and mandatory vacations or role-switching. If these policies are to deter fraud and not just detect it after the fact, they must be known by and applied to everybody in the organization—from the CEO to the task worker.
Fraud can happen to anybody. It’s important to get beyond the initial shock and disbelief and approach the problem rationally and with the same strategic awareness you would any other business decision. Using proven approaches, it is possible to recover from fraud, or, even better, reduce the risk of it occurring in the first place.
© Clark Nuber PS, 2013. All Rights Reserved