Theft and fraud in the workplace are
like drunk drivers on the road. There
are more of them than you can imagine and their impact is devastating.
Estimates are that 5 percent of the Gross
Domestic Product is lost to fraud in all its
forms — from the bartender skimming
cash to the executives at Enron.
This pall over the economic landscape
begs the question: What can an honest
business do to detect fraud?
Smart Business spoke with Payne
Harrison who is a principal with Whitley
Penn LLP and leader of its Forensic
Investigation & Litigation Support
Practice in Dallas.
What is the best way for a company to
defend itself from fraud?
First and foremost is a change of attitude from ‘it couldn’t happen here’ to ‘it
could happen here.’ The record of fraud is
replete with perpetrators who had gold-plated rsums, long tenures with the
company and enjoyed positions of enormous trust. This complacency is probably
the biggest hurdle to fraud detection.
But if a company has an external audit,
wouldn’t that detect fraud?
There are times when an external audit
of financial statements can reveal fraud,
but according to a study by the
Association of Certified Fraud Examiners,
only 12 percent of initial detection of
fraud cases were discovered by external
audits. Almost 60 percent of fraud cases
were detected by a tip or by accident.
That’s because an external audit is not
specifically geared toward detecting
fraud. Its primary purpose is to provide
assurance that the company’s financial
statements are in harmony with General
Accepted Accounting Principles.
Then what can a company do to detect fraud
if almost 60 percent of detection comes
from tips or by accident?
That is a huge question, because we have
found there is a compelling need in the marketplace in that regard, and have therefore developed a fraud diagnostic service.
What is involved in a fraud diagnostic?
There are five essential elements. First,
we construct a schematic diagram of
‘intersect points’ between the financial
transactions of the company and the
employees that have touch points on that
transaction — for example, the accounts
payable function. We map each person’s
responsibility and authority, the physical
process of the transaction and identify the
vulnerabilities where fraud could occur.
What do you mean by a vulnerability?
For example, a popular accounting software package for small businesses makes
it easy to commit check fraud. A perpetrator can make a check out, print it, then
go back and change the name of the payee
in the ledger to that of a legitimate vendor.
Then what is the next step in the diagnostic?
On step two, we run the accounts
payable data through some sophisticated software that applies statistical algorithms to identify potentially fraudulent
transactions — software that can cull
through thousands upon thousands of
transactions to find the ones that are
suspect.
In lay terms, when perpetrators generate fraudulent checks, unbeknownst to
them, they are doing something that falls
outside of the statistical envelope of normal business transactions; those transactions can sometimes stick out like a
statistical sore thumb.
Then what is step three?
I used to be a newspaper reporter, and
the old adage of ‘there is no substitute
for wearing out shoe leather’ is true.
Step three is face-to-face interviews
with people in the accounts payable
loop. It has been our experience that
when we conduct a forensic investigation after fraud is discovered, it is not
unusual to hear the refrain, ‘Well, I
thought the perpetrator’s behavior was
kind of strange, but I didn’t know who I
should talk to about it.’ This can be particularly true when the perpetrator is the
boss. Information gleaned in the interviews can confirm suspicions or identify
further lines of inquiry.
And the last steps?
If the previous steps indicate something
untoward, we investigate the paper and
electronic records at a particular intersect point in great detail to see if any evidence of fraud emerges. If so, we work
closely with the company’s legal counsel,
and if necessary we deploy an electronic
discovery forensic team to resurrect
deleted computer files and e-mails. The
evidence that emerges here can sometimes be the proverbial smoking gun.
This kind of sounds like an episode of CSI.
Actually, you’re not that far off the mark.
PAYNE HARRISON is a principal with Whitley Penn LLP in
Dallas. Reach him at (972) 392-6630 or [email protected].