An article in the Wall Street Journal today referenced exit interview statistics collated by the Corporate Executive Board (CEB). In 2008, the CEB reported that 42% of employees would not recommend their employer to others. In 2011, that number jumped to 76%.

“Big deal,” you say. Employees are being asked to work harder, and some of them are leaving. Disgruntled employees that are voting with their feet can’t harm your company, right? On the contrary! Let me share some thoughts.

• The employees that are sharing this information during their exit interviews are being honest and forthright. How many employees choose not to answer questions truthfully as they exit a company? I would hazard a guess that a sizable percentage chooses not to bad-mouth their employer, no matter how disgruntled they may be.

• If over 75% of employees that are leaving are disgruntled, what about the employees that remain? Surely some of the remaining employees are just as disgruntled as the ones that are leaving? The only difference is that they have chosen to stay—or they have no options outside of the company.

• As soon as an employee becomes disgruntled, does he or she leave a company? Rarely. The anger and frustration normally fester and grow until the employee can no longer stomach working for a company that he or she hates. While the pressure builds and the resentment grows, it is realistic to assume that the employee’s performance will suffer.

All very interesting, but why include this in a blog about fraud?

Readers of this blog may recall my previous post where I discussed the “fraud triangle.” The triangle contains three elements: pressure, rationalization, and opportunity. Disgruntled employees don’t like working for their company. In fact, some may hate the company with a passion that’s normally reserved for mortal enemies. How hard do you think it is for them to rationalize that committing fraud is justified? Would committing fraud help them “get even” with their employer?

So, disgruntled employees have at least one component of the fraud triangle covered: rationalization. They also likely have the opportunity to commit fraud, as oversight and compliance efforts have been cut back in companies of all sizes. All that remains is a form of pressure to complete the triangle. That shouldn’t be too hard to find. Not many employees can claim to be better off today than they were five years ago.

Given my expertise, it is not surprising that I read the WSJ article and thought of the points raised above. What I hope you learn is that disgruntled employees leaving your company is not cause for celebration. It may be a symptom of a much bigger problem that might end up costing your company money. Lots of it. I hope that I am wrong, but history has a habit of repeating itself.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

“I can almost guarantee that within the next 60 to 90 days, I will read about a similar case involving a bookkeeper, fraudulent wires, and a stolen credit card. “ – Paul McCormack (You can find the original post here)

And here it is! Well almost…

The credit card was not stolen, and the fraud involved an office manager, not a bookkeeper. But close enough!

USDOJ press release:

“Baker admitted that between June 2003 and June 2009, she embezzled from her former employer, referred to in court documents as the “Law Firm,” by wrongfully writing checks from the law firm’s accounts and diverting them to accounts she controlled and to pay off personal credit cards. Among other things, she opened a bank account in the name of a fictitious company called “Corporate Solutions” in order to conceal the flow of money. Baker’s actions caused wire transfers of large sums of money between and among various banks in the Federal Reserve System.”

The “points to ponder” from my previous post still stand.

Call me Carnac the Magnificent or Paul the Experienced Fraud Investigator (I respond to both), but I can see into the future. I predict that in the next 60 to 90 days, there will be another fraud involving wires, credit cards, and a bookkeeper or office manager.

Who wants to bet against me?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Sure you do. We all love our customers, right? They literally pay our bills. Then why is it that so few companies take steps to protect their customers’ information?

As I discussed previously, it is not unusual for employees to take the entire contents of a customer relationship management system on to their next employer.

Here are ten steps that can help protect your customers’ information:

1. Select a CRM solution that has robust security features built in.

2. Grant access only to employees that have a business need.

3. Monitor employee access, usage, and manipulation of CRM data.

4. Limit users’ ability to download the contents of the database.

5. Don’t allow users to view accounts that belong to other salespeople.

6. Ensure that all users have the most up-to-date virus scanners on their computers.

7. Terminate access as soon as an employee leaves the company.

8. Encrypt mobile phones and laptops used to access the CRM platform.

9. Ensure that a log of records printed and emailed is available and frequently monitored.

10. Subtly let employees know that your company monitors what they do with the data.

There are additional steps that I typically recommend, but that’s more than enough for now. Your customers thank you for reading this list.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Shalena P. Leggett worked hard while employed by a Sacramento real estate developer. But rest assured, her employer wishes they had never hired her. In fact, they have 468,000 reasons why hiring Leggett turned out to be a very bad idea.

From March 2008 through October 2009, Leggett wired $382,000 from her employer’s bank account to an account in the name of her son’s grandmother. Unfortunately for Grandma, it looks like Leggett used the funds for her own personal expenses and not Grandma’s.

In addition, Leggett stole her company’s credit card and made ATM withdrawals totaling $86,000. (To add insult to injury, we all know that cash withdrawals from credit cards normally come with crushing interest rates.)

Total loss: $468,000

Not a bad return for Leggett, given that she only worked for the developer for 20 months!

Here are some points to ponder:

1. Could this happen at your business? Does a “trusted” employee have the ability to wire funds from the company’s accounts? (Note: As this case shows, never rely exclusively on your bank to detect internal fraud.)

2. How often does your company reconcile its bank accounts? Is the reconciliation performed by someone other than the employee who completed the original transaction?

3. Does the same employee control your company’s bank accounts and handle incoming mail? (Hint: This is a REALLY bad idea.)

The three areas mentioned above are just the beginning. From an experienced fraud practitioner’s perspective, there are many, many lessons to be learned from this fraud.

Here is the problem: businesses rarely invest the time to learn from the misfortunes of others. Unfortunately for them, they may end up being the next victim.

I can almost guarantee that within the next 60 to 90 days, I will read about a similar case involving a bookkeeper, fraudulent wires, and a stolen credit card. The company in question will likely lose at least six figures, and the perpetrator may or may not receive some form of punishment. As for the money, that will be long gone, never to be seen again. The proceeds from embezzlement schemes such as this are rarely recovered.

No one can guarantee that your company can become “fraud free” (if they do, they are lying or don’t know what they are doing). But trust me, you don’t have to ignore the threat or wait for  fraud to happen. Thinking that it will never happen to you is tempting fate. Victims of fraud, especially small businesses, never feel like they had it coming. On the contrary, it normally hits them like a ton of bricks.

With minimal time and money, you can dramatically reduce the likelihood of fraud happening. Really. Prevention does pay off. You can never eradicate the threat of fraud, but you can make it much harder for employees as well as third parties to steal from you.

If nothing else, please invest one minute of your time to consider the points I raised above. It may end up being the best investment you’ve made all year.

If you are interested, here is a press release from U.S. Attorney, Eastern District of California:

http://www.justice.gov/usao/cae/news/docs/2011/06-21-11LeggettGuiltyPlea.html

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

They’re all gone. Every single customer you had has just walked out the door. No one told you. They didn’t ask permission to leave (why would they?), but rest assured they are gone.

Your phone calls to customers are not returned. Emails are ignored. You’re still waiting patiently for that sales order that will make it all worth the effort. It’s not going to happen. Ever. Your business is toast.

Mike in sales left last week. “Not a big loss.” “Where is he going? Never mind…who cares?!?!”

Mike, the salesman no one was sad to see leave, left with the contents of your entire customer relationship management system (CRM). He also took all your company’s sales manuals as well as your company’s pricing process and cost structure. Mike and his new employer now have all they need to “win” business from your company’s customers. Their calls are being returned. In fact, they just won a huge order from your company’s biggest customer.

CRM is a blessing and a curse. Companies can benefit tremendously from having a complete record of their interactions with customers. However, giving your entire sales force access to your company’s CRM solution can result in exactly the scenario I detailed above (by the way, this is a real case that I investigated).

Think of it this way: you’re having a dinner party at your house for 20 of your company’s employees and significant others. When the guests arrive, you tell each of them to take an unaccompanied tour of the house. Make sure that you have all of your valuables on display, your wallet with cash clearly visible, your watch and jewelry sitting unattended for all to see. What are the chances that something will go missing? Do you really want to take the chance? In the event that something goes missing, how will you catch the thief?

Certainly this scenario is an extreme example to illustrate a point. But that’s the idea. It doesn’t make any sense to let 20 employees and their guests wander around your house when all of your valuables are left scattered around! Yet companies routinely grant employees unfettered access to their CRM database.

My next post will discuss best practices for preventing theft of CRM data. In the meantime, take the time to think about your company’s CRM solution. Would you know if “Mike” from sales had downloaded your entire customer database just before he left the company?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Quotes from the special investigation into CRCT cheating at Atlanta Public Schools:

“We found cheating on the 2009 Criterion-Referenced Competency Test (CRCT) in 44 of the 56 schools (78.6%) we examined, and uncovered organized and systematic misconduct within the district as far back as 2001.”

“We found that 178 teachers and principals were involved in cheating in 44 schools.”

“A culture of fear and a conspiracy of silence infected this school system, and kept many teachers from speaking freely about misconduct. From the onset of this investigation, we were confronted by a pattern of interference by top APS (Atlanta Public School System) leadership in our attempt to gather evidence. These actions delayed the completion of this inquiry and hindered the truth seeking process.”

“All we want are the facts, ma’am.“

I want to be very clear upfront: this post is not meant to assign guilt or innocence to any of the schools, principals, or teachers that were allegedly involved in cheating on the CRCT. I strongly believe that as soon as an investigator inserts his or her personal opinion regarding whether an individual “cheated” or “committed fraud,” his or her independence can be called into question. With that said, the authors of the Atlanta Public School cheating scandal have been quite definitive regarding who cheated and who didn’t. Clearly, that is their prerogative.

The report sets out three primary reasons why the authors believe that cheating took place:

1. Targets set by the district were often unrealistic. The administration put unreasonable pressure on teachers and principals to achieve targets.

2. A culture of fear, intimidation, and retaliation spread throughout the administration.

3. Dr. Hall, the school system’s former superintendent, emphasized test results and public praise to the exclusion of integrity and ethics.

What can companies learn from the APS investigation? There are many, many lessons that can be learned, but below are my initial thoughts:

1. Be very careful what you ask for; you might just get it – If a company demands performance but does so through fear and intimidation, there may be short-term gain, which will lead to long-term pain. The tactics employed may come back to haunt them.

2. Nothing remains hidden forever – Eventually, employees will break and report their concerns to whoever will listen. It is almost impossible to keep a secret of this magnitude in any environment, never mind a corporation where employees have access to email, the Internet, instant messaging, etc. People love to talk, and when they do, what they say often ends up on the front page of newspapers nationwide.

3. Tone at the top really matters – It starts with the CEO and rolls all the way down through executive ranks to the front-line supervisors. Employees need to know that the company’s senior leadership abides by the company’s code of conduct and expects employees to do the same. Don’t expect an organization to perform in an ethical manner if the leadership appears to be morally bankrupt.

4. Even the best employees can go “bad” – As I have said before, not all fraudsters are bad people. Even the most ethical employee can commit fraud when the circumstances are right. Ensure that the “perception of detection” – the belief by employees that they will be caught committing fraud – remains high. Don’t allow your company to create a climate where employees can succumb to temptation.

5. Deploy an employee hotline and follow up on all tips – Companies of all sizes can benefit from an employee hotline. It is by far the most effective method to uncover fraud. Just as importantly, every tip that is received should be investigated to its logical conclusion. As soon as employees believe that the company is not treating tips seriously, they will stop calling and become very disillusioned. In fact, it is not unusual for the tipster to become the fraudster when they see others “getting away with it.”

In my opinion, if all of the allegations detailed in the report are true, everyone loses, but the biggest losers are the children. They literally don’t know what they don’t know. As they enter college and eventually the workforce, they may never fully appreciate what a disservice they received by “passing” the CRCT.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

In the not-too-distant future, companies will begin hiring again. Some of the newly hired employees will be receiving their first paycheck in months, possibly years. Others will be abandoning small companies that they started in favor of the stability that comes with a full-time position.

These newly hired employees will likely be extremely grateful for their new job, but they may also bring a great deal of baggage accumulated during their unemployment. Are they likely to commit fraud in their newly found role? Not necessarily, but how well prepared is the company that they are joining to prevent and detect fraud?

Throughout the recession, companies have maintained a laser-like focus on cutting costs. In order to be “lean and mean,” checks and balances meant to prevent fraud have often been abandoned or neglected. Even if the internal controls remain, the employees responsible for ensuring compliance may not. They could have been either laid off or assigned to cover the work of other employees that have been laid off previously.

Academics will argue that there is a strong correlation between unemployment and corporate fraud. I’ll leave that discussion for another day, as it deserves its own post. However, there is a strong link between lack of internal controls and fraud (so says the Association of Certified Fraud Examiners). And let’s not forget the “fraud triangle” developed by Donald R. Cressey, which includes three factors that are present when fraud is committed:

• Pressure – The “would-be fraudster” has an urgent need for money

How many employees, when faced with calls from collections agencies and/or losing their house or possibly their significant other, have not been at least momentarily tempted to commit fraud? Contrary to popular belief, not all fraudsters are “bad” people. In fact, the vast majority of the fraudsters that I have met during my 16-year career are normal people that have made bad choices or experienced a run of bad luck.

• Rationalization – “It’s OK; I deserve it” or “They’ll never miss it”

Sometimes, by its own actions a company can unwittingly help an employee rationalize why it is OK to commit fraud. For example, a fraudster that I interviewed was passed over for promotion three times with no real explanation as to why. Shortly after the third rejection, she decided to steal from the petty cash. It was her way of punishing her employer. Unfortunately for her, she ended up being the one who was punished; she lost her job shortly after the fraud was discovered

• Opportunity – Checks and balances have been removed. There is minimal management oversight, or management is overly distracted with running the business. Preventing and detecting fraud is not a high priority.

Now more than ever, employees have the opportunity to commit fraud. With no one minding the store, the opportunity to take money without being caught may be too appealing to ignore.

So what should a company that’s about to begin hiring do? Here are some areas to consider:

• Revisit existing internal controls – You don’t have to automatically reinstitute all of the internal controls that were previously in place and subsequently abandoned. However, existing employees as well as new hires should have a strong belief that the company will catch them if they commit fraud. The “perception of detection” can serve as a very strong deterrent for most employees.

• Hire ethical employees – Conducting background checks, verifying an employee’s educational credentials, and calling references are all necessary steps to ensure that new hires have integrity and can be trusted. Take the time to understand what makes the candidate “tick.” After all, you are about to grant them access to your business and ultimately, your money. Trust, but always, always verify.

• Have new hires sign a code of conduct – Establishing early on their employment, ideally on their first day with the company, what is expected of them as employees is often overlooked by small- and medium-sized companies.

REPORT THIS AD

Hiring new employees is not a risk-free endeavor, and this is certainly not a complete list of steps that you can take to prevent fraud by new hires.

Your company has weathered the worst economic cycle in recent memory. Now is not the time to welcome a new employee in to the company only to have him or her commit fraud.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Fraud costs small businesses money – lots of it. But that’s not the end of the story. In fact, for some business owners, that’s only the beginning of a rather painful journey. Whether the fraud involves employees, third parties, or both, the impact on a small business often takes the following forms:

• Fraud destroys the owner’s confidence – Having a fraud take place on your “watch” can trigger a wide range of emotions. Anger, frustration, regret, and self-doubt are all normal reactions to fraud. How the owner overcomes those emotions can make a huge difference in how quickly the business recovers – or whether it recovers at all.

• Opportunities to expand disappear – Opportunities to expand typically require a cash investment. While the fraudsters line their pockets with your cash, opportunities to expand evaporate.

• Family and friends lose faith – Many small businesses, at least initially, rely upon investments from family and friends. When the owner has the unfortunate task of notifying them that the company has been a victim of fraud, the reactions can range from pity to anger. Post-fraud, investors are understandably reluctant to put more money into the business.

• Likelihood of business failure increases – With less cash on hand, small businesses are often unable to respond to the inevitable “surprises” that occur while running a small business. In the event that a critical piece of equipment breaks or cash is needed to meet payroll, the company’s financial resources can be stretched to the breaking point. Meanwhile, the fraudster is spending the product of the fraud as they please.

Preventing fraud losses keeps hard-earned cash in the business. Just as importantly, it also helps small business owners avoid the severe emotional toll that fraud creates.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

What a fantastic response! I have been overwhelmed with a long list of blogs to review! I love what I have read so far. I’ve also personally learned a great deal of helpful information to boot! To make sure that I fully review each submission, I’ll announce the Fraud Happens blog of the week tomorrow (Tuesday).

Clearly, there are a number of talented fraud, security, and compliance bloggers out there! Keep ’em coming!

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Since I started my blog, I have received tremendous support from fraud practitioners around the world. Whether they post comments here on the blog or on LinkedIn discussion threads, I am truly appreciative of the time and effort these individuals have taken to provide feedback and share their experiences. I have learned a great deal from their comments and hope that I have provided valuable information in return.

Now it’s my turn to help.

Beginning October 10, I am launching a new feature on this blog to help publicize other fraud-related blogs. In fact, I plan to profile more than just fraud blogs. I would like to include risk, compliance, legal, and security-related blogs as well. There are so many talented bloggers out there to choose from in each of these areas!

So here goes: beginning October 10, each week, I will profile a blog that I think my visitors would enjoy reading. Specifically, I’ll share what makes the blog unique or special and explain why it is worth visiting and subscribing to. If you have a blog that you would like me to visit, please email me at pmccormack@connectics.biz.

I look forward to sharing great blogs and helping other bloggers get their “day in the sun.”

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

The lawsuit involving Hooters and Twin Peaks has already triggered a wave of clever, and not so clever, headlines, but it is really no laughing matter. (With this post, I suppose that I just added a headline to the list. You be the judge as to which category it falls into.)

The dispute involves Joe Hummel, the former  EVP of operations at Hooters. Hooters alleges that as he was leaving the company, Hummel stole over 500 pages of sensitive business information and trade secrets.

He is now employed with La Cima restaurants. Unfortunately for Hooters, La Cima is in the process of launching the Twin Peaks restaurant chain (any guesses what the new chain will “feature”?). Before joining La Cima, Hummel allegedly downloaded Hooter’s marketing plans, contract agreements, recruiting tools, and sales figures – some or all of which are likely trade secrets – and then emailed them to himself using his personal email account. If this is true, how could it have been prevented? I regularly help companies prevent IP theft, and I can tell you that there is no easy fix. Instead, it requires a multi-pronged approach using the right mix of people, processes, and technology.

What is a trade secret anyway? The short answer is whatever you say it is! The more detailed answer is that a trade secret must be secret (not widely known), be of value because it is not widely known, and treated as a secret at all times. In this case, it is not entirely clear if all of the information that Hummel allegedly took would meet the definition, but at face value, certain elements would appear to fit the bill. I would strongly suspect that Hooter’s marketing plans were not widely available within the company or the industry as a whole. Would the marketing plan be of value because it is not widely available? Ultimately, that is for the courts to decide.

Asking the courts to pursue employees that steal trade secrets is certainly within your company’s rights, but I would liken it to putting toothpaste back in the tube once squeezed. It is time consuming and potentially very messy, and the end result may not justify the effort.

Does your company have any trade secrets? (Hint: the vast majority do.) What have you done to protect them? Could an outgoing executive steal your company’s trade secrets? Would you even know?

If the answer to any of the questions above causes concern or leaves you wondering about how well protected your trade secrets may be, we can help. Just don’t wait until a theft occurs. By that time, the toothpaste is out of the tube…

Hooters is not alone in dealing with this type of situation. Given the glamorous nature of their business, they are unlucky enough to attract media attention when things go wrong. That said, could your company be next?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

I guess not. Eleanor Zapanta allegedly stole $712,000 from the Center for Spiritual Living by, wait for it…writing 250 unauthorized checks.

If your organization uses checks in any way, shape, or form, be very, very careful. Zapanta’s fraud allegedly took place over six years. The church only has an annual budget of $1.2 million. Assuming that the money was stolen at the same rate each year, that’s just under $120,000 per year, or 10% of the annual budget, lost to fraud. Normally, a check fraud starts small and grows until it is discovered, but you get the point – the church lost a huge percentage of its budget from just one fraud scheme.

Given the information shared in the original news story, let’s see what we can learn or infer:

1. Church business managers should never be left to their own devices. Someone in the organization needs to review their work on a regular basis. Fraud thrives on secrecy, lack of oversight, and misplaced trust.

2. Check stock must be locked in a file cabinet or safe when not in use, and it should only be accessible when two individuals are present. I know – it feels like overkill, but consider the losses associated with just the check frauds that I have discussed on this blog. I have many, many more check frauds stored and analyzed in our global case studies database. Check fraud can easily cost well over $500,000, and it is almost 100% avoidable.

3. Don’t rely on your bank to stop embezzlement. Most banks do quite well at detecting and preventing check fraud perpetrated by third parties. Embezzlement, or fraud committed by an insider with access to checks, however, is a different matter. How exactly should a bank uncover an embezzlement if the checks are signed by an authorized signatory?

4. Reconcile your organization’s bank statements on a daily basis. As part of that reconciliation process, ensure that checks issued have the appropriate supporting documentation such as invoices, purchase orders, etc. Checks should also have two signatures when appropriate and pertain to business-related expenses. Checks made out to individuals or payees that appear unfamiliar should receive additional scrutiny.

There are additional lessons learned, but that’s enough to start the ball rolling. What additional measures would you recommend?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Regular readers of this blog will know that many of the fraud losses I discuss here are largely avoidable. Well, my business partner and I have decided to do something about it. Today, we launched Consult-OnLine, an online platform that provides fraud and intellectual property theft prevention services for small- & medium-sized companies.

Why now, and why online?

Quite simply, the number of fraud cases involving small-and medium-sized companies is staggering. SMEs need help, and they need it fast. They are often overlooked by traditional consulting firms as too small to purchase services – or worse, the companies suffer in silence and do their best to muddle through without the assistance of a fraud expert. The most common reason for not engaging a fraud consultant is cost. Small companies can’t afford to pay the hourly rates and expenses that traditional firms charge. They are also genuinely concerned that once a fraud consultant enters their office, they will have a hard time convincing them to leave.

Believe it or not, other firms have offered professional services online before. One in particular was phenomenally successful, but for a number of reasons they shut the site down. We strongly believe that professional services can be delivered online. In fact, we built an innovative platform to do exactly that.

In addition, over the last three months, we have developed a proprietary database that contains analysis of fraud cases from the news. There are so many lessons to be learned from fraud at other companies. We thought it made sense to build a database that companies could access and use to learn how to avoid a similar fraud at their company. I have over 16 years of fraud experience, yet even I am amazed at the number of six- and seven-figure fraud cases that we have gathered from around the world. We are absolutely convinced that the database will “open eyes” and help companies dramatically reduce their fraud risk.

So, I am mad that small- and medium-sized companies coffers are being raided by fraudsters with impunity. AND my firm is prepared to do something about it.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Fraud happens. Often. Here are just five facts that companies learn the hard way when fraud occurs:

Fact #1 – Fraud does not happen on the company’s timetable.

Revenues are up. Revenues are down. It doesn’t matter. The company could be experiencing the best of times or the worst of times. The fraudster doesn’t care. All he or she wants is money. Fraud will happen on the fraudster’s timetable. He or she decides if, when, how much, and how often. If the company has countermeasures in place, the fraud may be prevented or the losses kept to a minimum. With little or no countermeasures in place, however, watch out.

Fact #2 – Fraud scares people, especially senior executives.

When I meet with clients, I often tell them that fraud is a small word with big implications. In my experience, senior executives are most often apathetic when it comes to discussions regarding fraud. That is, until they are made aware of an actual fraud taking place on their watch. Then they become exceptionally nervous and spend a great deal of energy worrying about what will happen. They don’t know what they don’t know, and that makes them nervous, sometimes angry, and generally apprehensive about the future. Is this my fault? Will I be blamed? How much money will we lose? Will we get it back?

Fact #3 – Fraud prevention is an afterthought in most companies.

When meeting with a new client, we want to gain a sense of the overall maturity of their efforts to prevent, detect, and investigate fraud. Below is a small selection of the questions that we typically ask:

• Do you have an employee hotline? How do you measure its effectiveness?

• Do you have a fraud case management database? If so, when was the last time the information was used to develop proactive countermeasures?

• What controls do you have in place to prevent and detect fraud? Who “owns” control development, deployment, and testing?

• What policies and procedures do you have in place to ensure that employees are unable to steal your company’s intellectual property? When was the last time someone tested their effectiveness?

• How often does fraud take place in your industry?

• Have you incorporated “lessons learned” from fraud at other companies?

• Who is responsible for fraud prevention, detection, and investigation within your organization? If separate departments, how often do they meet to share intelligence?

Very rarely will senior executives answer these questions without providing some potential areas for improvement. Most often, they struggle to answer at least one or two of the questions, which can lead to some uncomfortable silences and pained expressions. That’s OK. We know that fraud prevention is an afterthought. It shouldn’t be, but it is. Most companies don’t think about fraud until it happens or they narrowly avoid taking a loss. I personally want to change that. There is no reason that companies need to experience the vast majority of employee and third-party fraud. A company will never be fraud free, but it can certainly make it much more difficult for fraud to happen.

REPORT THIS AD

Fact #4 – Fraud investigations are easy to screw up.

Investigating fraud, particularly employee fraud, is much more complicated than it appears. Employees have rights, and lots of them (as they should). If in the course of an investigation a company violates those rights, the “hunter” can become the “hunted.”

Let’s consider a real-world example.

Local law enforcement thinks that one of your employees, Bob, is involved in drug trafficking. Your internal audit department is also investigating Bob. They plan to talk with him next week regarding some missing inventory. A detective from local law enforcement wants internal audit to ask a couple of questions that would help him with the drug investigation. In fact, the detective really wants to be in the room during the meeting. Helping law enforcement is a good idea, right? We might need them to help go after Bob for the inventory we think he has stolen. Would we screw up the investigation by helping law enforcement? How? We’ve already sent an email to the detective detailing the inventory theft. The detective agrees – this guy is a criminal!

(Hint: this investigation is destined for failure.)

Screw up an investigation, and you may be forced to rehire the employee that allegedly committed fraud as well as pay lost earnings and possibly even a fine. Trust me, it happens.

Fact #5 – Fraud losses are rarely recovered.

We’d like to think that law enforcement can reach out and claw back the proceeds from a fraud whenever needed. The truth is that most of the time, the proceeds are long gone. Fraud schemes typically last a median of 18 months. During that time, your company’s money is burning a hole in the pocket of the fraudster. They want to buy goods and services, pay down debt, stop foreclosure, share their good fortune with family and friends, etc. The last thing they want to do is deposit the money in their bank account and watch it gather interest (although in very rare circumstances, this does happen).

Notwithstanding the fact that fraudsters want to spend the proceeds, the truth is that law enforcement is often unable or unwilling to help companies recover fraud losses. Law enforcement is overstretched. At the local level, detectives in small cities are assigned all manner of cases, from petty theft to murder. In larger jurisdictions, detectives have an overwhelming case backlog that is closely tracked by their superiors. Financial crimes can be extremely complicated and time consuming to investigate, especially if the detective does not have a financial background. Detectives need to close cases – quickly. At the federal level, the bar is even higher. A six-figure loss may be devastating for your company, but it may barely raise the eyebrow of an FBI special agent in a large metropolitan area. With no connection to organized crime, drugs, or terrorism, the case file may be shelved and forgotten.

I strongly support law enforcement and have worked with some very talented local, state, and federal agents. However, we really can’t expect them to pursue every fraud that hits their desk. Let’s be honest; why should we expect law enforcement to help recover losses when so many of them could have been easily avoided?

If you have additional “facts” that you would like to share, please feel free to add a comment.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

“It is way too complicated for anyone outside the industry to understand. Fraud in our industry is just… well… complicated!”

– Senior Executive at XYZ company

I won’t disclose the name of the company, but the preceding statement was made by a Vice President of Internal Audit during a discussion about fraud within his company. I failed to convince the VP that the 80/20 rule applied. I believed, and still do, that 80% of the fraud schemes they experienced could be found in other industries, with the remaining 20% being industry specific. He believed the exact opposite, that 20% were common to other companies and that 80% were industry specific. I lost the argument (it was really a friendly exchange).

What I didn’t have available at the time was access to a database of previous fraud cases from within his industry. I do now. We have created a proprietary database that includes hundreds, soon to be thousands, of fraud cases from around the world. Here is an example of just one case in the database involving healthcare.

Ronald A. McFarland of Pennsylvania received a 37-month sentence for his role in embezzling $2.46 million from Rosewood and Oaktree Cancer Care. McFarland was the president of Verimed, a third-party billing company. Rosewood and Oaktree engaged Verimed to bill for outpatient radiation treatment programs for cancer patients.  So how did McFarland commit fraud? Very, very complicated (I jest). He billed for services, then kept the money he received. He then made fraudulent accounting entries to cover his tracks.

Could this type of fraud happen in your industry? Sure it could! The healthcare industry uses third-party billing companies a great deal due to the complexity and length of time it takes to collect from insurance plans. But you don’t have to be in healthcare to experience a loss of this type. If your company relies on a third party to bill and/or collect amounts due your company, the potential is there.

I do agree that fraud within certain industry segments is exceptionally complicated, hence my earlier statement that 20% of fraud is specific to an industry. But when you remove the industry and truly analyze the fraud modus operandi, the other 80% starts to come into focus. Regardless of industry, fraudsters want your money in whatever form they can take it (cash preferably!).

If I have learned anything from my career in fraud, it is that history repeats itself again, and again, and again. Certainly, fraud schemes that are specific to your industry must be understood to prevent losses. However, don’t believe your “own press.” Fraud within your industry is not so unique that you can’t learn from other industries. You’d be amazed at the similarities across industries. Trust me.

So next time someone says fraud is so complicated in their industry that you’ll never understand it, take the time to politely challenge their statement. You may have much more in common than you both realize!

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

“Even a mom-and-pop business with only a few employees needs to provide oversight for anyone involved in accounting or bookkeeping operations. Businesses are especially vulnerable when one employee both issues payments and reconciles company bank accounts.”

– Beth Phillips, United States Attorney for the Western District of Missouri

Could not have said it better myself, Ms. Phillips. Small business owners, listen up: if you won’t take my word for it, how about taking the word of the US Attorney for Missouri? Law enforcement is often left to clean up the mess caused by small business fraud. They see what needs to be done to stop it from happening in the first place. Maybe you should listen!

The perpetrator in this scheme, Kim Brown, plead guilty to stealing $718,167 from her employer, Standard Sheet Metal, over a seven-year period. Again, this was not a particularly complex scheme. Brown wrote “at least” 474 checks from her employer’s bank account and deposited them in her personal account. That’s all she wrote (pun intended), and now the employer is left with a huge loss that will likely never be recovered.

Brown was a trusted employee. From 1998 to 2009, she had been promoted from receptionist to accounting and bookkeeping. What a kick in the gut! The company gives her more responsibility, and presumably a bigger salary, and she commits fraud in return.

Note: Notice that the bank did not stop this from happening. As I have said before, never rely on your bank to stop embezzlement.

Maybe now is the time to proactively address fraud within your company? You’ve got the backing of the US Attorney to do so.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Shell company: “An inactive company used as a vehicle for various financial maneuvers or kept dormant for future use in some other capacity.”

– Dictionary.com

Jon C. Shain admits that he is guilty of playing “shell games.” Using a remarkably simple scheme, Shain secured an $884,000 loan from Amcore Bank that he then used to enrich himself.

In my opinion, the bank involved (renamed BMO Harris Bank) failed to adhere to a fundamental principle of due diligence: “trust, but verify.” However, this is not going to be a discussion regarding bank fraud. It’s about trust and not taking it for granted.

In order to convince the bank to lend money to his company, Coating Technologies, Shain created fake invoices detailing expenses payable to Qualified Industrial Services and Industrial Equipment Supply Corp. The bank didn’t know it, but Shain controlled both those companies. The invoices were in fact fake. But wait; there’s much more.

Shain also formed a joint venture with another company to do business as Barron Finishing Technologies. Amcore funded yet another loan for $2 million that was supposed to buy real estate and equipment. Shain again submitted fraudulent invoices, this time to Barron Finishing, that allowed him to pull out the loan proceeds.

He then transferred proceeds from Barron’s loan to Industrial Services (the shell company he used in the $884,000 scheme that I first detailed). Eventually, funds taken from Amcore were used to  purchase personal property in the name of yet another entity – Rock River Reality, LLC.

Confused?! Of course you are! That’s what Shain wanted. Just like the street entertainer that uses actual shells to hide the ball in plain sight, Shain used five different companies to keep the money moving and the bank none the wiser.

The bank made a number of mistakes in funding the loans. They should have done much more to verify that the expenses Shain supposedly incurred were legitimate. Just as importantly, they should have researched his ownership in the shell companies. Certainly, Shain did a good job covering his tracks. However, based on my reading of the case and experience investigating shell companies, the document trail that indicated a fraud was taking place should have been uncovered before the losses mounted.

In a broader sense, what lessons can we learn from this case? You don’t have to be a bank to be on the losing side of a shell scheme, also called a confidence scheme. You trust that your business partners are what they say they are. You trust that they are not going to steal from your organization. Where did this trust come from? How did the business partner earn your trust? Shouldn’t it be earned before it is given?

As the title of this post suggests, trust that your business partners are on the up and up, but always take the time to verify. That applies to banks that lend money, venture capitalists that are funding startups, and new customers that approach your organization to purchase goods or services. Take the time to research who you are about to do business with. There are numerous resources online that can help. Start with the secretary of state’s website to see if the company is registered to do business in your state. Research the principles and registered agents; check out how old their website is (if they have one) and who owns the domain. There are more steps that I typically recommend, but that’s enough to get you started.

Remember, there are lots of good people out there, but there are also some really smart people just like Shain that can literally destroy your company, if you let them.

Trust, but definitely verify.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Don’t let the word nonprofit fool you; as this case shows, there is plenty of money up for grabs.

Over the course of eleven months, Jeffrey Bernstein allegedly embezzled over $2 million from the Albert Ellis Institute, a nonprofit based in New York. The Institute’s mission is to provide “global access to the benefits of Rational Emotive and Cognitive Behavioral Therapies through the training and education of mental health and allied professionals worldwide.” I’m not sure what that is either, but clearly they have money on hand to fund their efforts. Or at least they did.

Yet again, we have a remarkably simple fraud. Bernstein allegedly transferred funds from the Institute’s bank accounts at J.P. Morgan Chase to personal accounts that he controlled. Here is the twist; the Institute is not pursuing Bernstein. Instead, they have sued J.P. Morgan Chase in civil court. Presumably, they believe that Bernstein has spent the money and that a judgment would be worthless.

In order to prevail in a civil suit, the Institute is going to have to show that J.P. Morgan was at fault. In practical terms, how much responsibility should the courts place on a bank to detect embezzlement? Unless J.P. Morgan Chase made a glaring error that was entirely inconsistent with their own policies and procedures, I don’t see the Albert Ellis Institute prevailing in court. Further, the Institute better be able to show that they had taken the necessary steps to prevent the fraud in the first place.

Each year, J.P. Morgan Chase invests tens of millions of dollars to prevent, detect, and investigate fraud. Speaking from experience, banks will never get it right 100% of the time, with embezzlement being the most difficult fraud for a bank to guard against. By definition, the transactions are initiated by authorized individuals that are granted access to the organization’s bank accounts to conduct routine business transactions. In most circumstances, expecting a bank to detect embezzlement in a sea of routine transactions is just unrealistic. (Each case is different, so I stress “most circumstances.”)

In my opinion, given that the fraud took place over eleven months and was perpetrated by the president of the Institute, the burden that the plaintiff must overcome to prevail in court will be considerable.

Stay tuned…

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter, or white paper, you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Companies lose billions every year. Some are shocked that it happened to them. Others, have a line item in their financial plan (Yes, you read that correctly. They plan to lose money to fraud.) Far too many companies are forced to close their doors because of it…

So, why is it so hard for companies to combat fraud? Here are five reasons that I have uncovered during my career:

1. “You work here as well?” – Fraud professionals often talk about their frustration with “silos” that result when departments involved with preventing and detecting fraud don’t talk to each other. In fact, a significant portion of my career has been spent helping break down the silos within organizations. The fraudster – both employee and third-party – is able to exploit the lack of communication between departments for their own benefit. Large companies are particularly guilty. It is not unusual for two or more departments to be actively investigating the same employee! No one has the complete picture of the fraud, yet each department continues to investigate the situation independently while the losses mount.

2. “I don’t want to think about it” – Fraud can be overwhelming, especially for senior executives with an already heavy workload. It is easier not to think about what fraud may be doing to the company’s bottom line. Unfortunately, ignoring the problem will never solve it. In fact, when losses do result (yes, fraud happens) they are often gigantic.

3. “We don’t have the money” – This reason is certainly understandable, especially when you consider the dire state of the global economy. It is probably the biggest hurdle that our firm has to overcome when talking with companies of all sizes. Unless the company has experienced a significant fraud within the last 12 months, there is resistance to any investment in fraud prevention or detection services. Until the company sees a spike in fraudulent activity, why should they worry? Well, unfortunately, you can’t pick a date and time when fraud will happen. It has an uncanny knack of taking place when you can least afford it. The costs to fix the problem are normally far higher than the prevention that was needed in the first place.

4. “Bring it. We’ve got it covered” – From time to time, I run across an exceptionally high performing fraud department. They have the right mix of people, processes and technology to fight fraud. The company’s executives support their efforts and they routinely hire the “best of the best” to join their organization. They have fraud – internal and external – under control. Well, almost. What worked last month, or last year, will not automatically work today. Combating fraud requires a “continuous improvement mindset”. Fraud evolves, so too must the fraud department. Complacency can eventually destroy even the best fraud department. The latest fraud intelligence can literally make the difference between success and failure. Trust me; I’ve seen it happen on more than one occasion.

5. “They were just that good” – I have interviewed 100’s of people who have committed fraud. Many of the schemes that they perpetrated required tremendous vision, drive and determination to execute. Some of the most intelligent individuals that I have met were in fact accomplished fraudsters. The really smart fraudsters are often never caught. Every fraud investigator can cite at least one or two situations where the fraudster got away with it. Some fraudsters are just that good. If they don’t make a mistake, you have almost no chance of catching them.

This list is certainly not all inclusive. I’d love to hear from others as to why fraud is so difficult for companies to fight. Also, if you disagree with any of my observations, feel free to say so!

Sign up for the “Fraud Happens” Weekly Intelligence Report.

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com

Hiring employees is expensive. I get it. Really, I do. Segregating duties to prevent fraud by employing more than one person seems like overkill. For small businesses, although desirable, it is just not feasible. It is just not realistic to expect a small business owner to employ two or more employees when they can make do with just one.

For mid and large sized companies, segregating duties is absolutely crucial. Here’s an example of why…

Shaun Allen Clark pleaded guilty to a $2.3 million embezzlement scheme. Clark stole checks from The Scotts Company totaling $24,450. That was just the beginning. In 2008, Clark joined the Ohio Bridge Corporation as a controller. Between April 2008, and September 2009, he embezzled $2,310,006. How did Clark manage to steal so much money in such a short time? The answer is simple – he controlled everything…

• Clark was granted access to initiate wire transfers from the company’s accounts to pay for raw materials. He used this access to transfer funds to his personal account. (Remember what I said about banks and detecting embezzlement?)

• As controller, Clark managed bookkeeping and accounting entries involving the Ohio Bridge Company and its subsidiaries. He used his access to the “books” to hide evidence of the fraud.

• Clark served as the point person for the bank regarding a line of credit. He submitted fraudulent financial statements to the bank in order to comply with the terms of the line of credit and support the embezzlement scheme.

So where did the money go? Clark reportedly spent $100,000 to buy Ohio State football season tickets. He had $101,788.35 in his bank accounts, as well as Chevy Tahoe and boat for his efforts. As for the rest of the money? Who knows…

Small companies can’t hire more than the bare minimum. Preventing employee fraud at small companies requires more creativity to be successful (more to follow in a post next month).

However, medium and large-sized organizations can often afford to have more than one employee involved in a process. Doing so can dramatically reduce the potential for fraud. As this case shows, vesting all that power with one individual resulted in a seven-figure loss than would force many companies to close their doors. Saving on labor costs seems like “false economy” don’t you think?

Need a writer that understands fraud? When you hire me to write an article, blog post, newsletter or white paper you get an accomplished writer that is also an expert in fraud.

paul@mccormackwrites.com