Fraud in American Small Business
advertisement
FRAUD IN AMERICAN SMALL BUSINESS Wang Guo An Hangzhou University of Commerce, P. R. China, 310012 Gary G. Johnson Charryl Rudesill Southeast Missouri State University, USA, 63701 Abstract This paper at first defines fraud, then tells its characteristics and exposes its incidences and impacts. At last it informs the readers of the measures to take to detect fraud and the precautions to guard against fraud. Key words fraud, business, detect, crime, loss, accounting, audit, CPA. 1 Introduction No company is immune to fraud. According to United States Federal Bureau of Investigation (FBI) statistics, individual arrests for fraud have doubled since 1980. Published estimates report the cost of white collar crimes may be 100 times that of street crimes and getting worse. Fraud cases reported in the media are usually high profile cases, involving large companies, and losses in the millions of dollars. However, on a per capita basis small organizations suffer the largest losses. Recent survey results on occupational crime reported by the Association of Certified Fraud Examiners (ACFE) in their Report to the Nation on Occupational Fraud and Abuse indicate small businesses suffer the biggest losses due to employee theft of cash and assets. The median loss per occurrence for small employers, as reported by the Wall Street Journal, is about USD$120,00 compared to a median loss of about USD$126,000 for companies employing more than 10,000 employees (Martinez, 1995). 2 Fraud Characteristics Fraud is false representation or concealment of an act that induces another to part with something of value. According to Black’s Law Dictionary, “Fraud embraces all the multifarious means which human ingenuity can devise, which are resorted to by one individual, to get an advantage over another by false representation. It includes surprise, trick, cunning and unfair ways by which another is cheated. The only boundaries defining it are those which limit human knavery.” Another authority defines occupational fraud/white collar crime as non-violent crime for financial gain committed by means of deception by persons whose occupational status is entrepreneurial, professional or semi-professional and utilizing their special occupational skills and opportunities; also, nonviolent crime for financial gain utilizing deception and committed by anyone having special technical and professional knowledge of business and government (Dictionary of Criminal Data Terminology). Given this definition, “white collar” refers to the characteristics of an occupational position and is typically an upper-level occupation crime. However, implicit in the definition are crimes in which blue collar managers, supervisors, and others having positions of power derived from their special technical and professional knowledge. Whether the act is called fraud or white collar crime doesn’t really matter. The key to both terms is that the activity is clandestine, committed for purposes of financial benefit, violates fiduciary duty, and costs a company assets, revenues, or reserves. The latest trend in corporate shenanigans is computer-related fraud,” reports the March 17, 1997 issue of Accounting Today. For example, the advancing technologies of desktop publishing have made it easier to produce fake documents. Computer fraud is growing at an alarming rate. Frank Rizzo (1996), a senior manager with KPMG Peat Marwick, said in his paper “Corporate Crime and Security Alert in South Africa,” new innovations increase the risk of fraud and abuse. But, the computer in itself doesn’t represent this increased risk. Computers don’t commit fraud; people commit fraud. Computers create more opportunities for people to commit fraud. Rizzo points to these particular problems: Organizations are growing more and more dependent on their computer systems for operational, accounting, and management information. Open systems and networks bring added risk of hacking and illegal access. Increasing complexity of computer technology makes it more difficult to check that all major loopholes are closed. Systems integration, while improves efficiency, increases the potential impact of any problems and the importance of access controls. Payment systems integrated with accounting systems make it possible to generate payments for the benefit of a fraud perpetrator by introducing paperless entries into the system. No trail is created in the computer to relate accounting entries to individual user authorized or not. Increasing shift from centralized mainframes to end-user controlled networks increase exposure to fraud. End-users often have little understanding of the threats to the system and the controls necessary to protect against threats. Some other types of computer fraud are: Piracy - unauthorized copying of software for personal use or resale for financial gain. Data Leakage - unauthorized copying of company data. Data Diddling - input or data tampering. Impersonation - criminal pretends to be an authorized user. Scavenging - unauthorized access to confidential information by searching company records ranging from searching trash for printouts and carbons to scanning computer memory. Small businesses should be aware that the most difficult frauds to uncover and prosecute involve small amounts of money taken on a frequent basis. There is a common misconception that major frauds are complex and require criminal masterminds. In reality, most frauds are simple. The same basic methods are seen repeatedly and in companies of all sizes. It is interesting to note that people do not see fraud the same as robbery (Finerman, 1995). Many people would say robbery is committed at night by masked bandits; fraud is committed in broad daylight by men wearing suits stealing petty cash. Few in the small business community recognize the most important difference between robbery and fraud is that the risk of fraud is much greater than robbery. Unfortunately, it is this trust and denial that fraud could occur in their business that put small business owners at the greatest risk. Many owners find out too late that some employees are capable of taking advantage of their trust; that certain employees commit fraud chiefly because their employer considers them trustworthy. Profiles of fraud perpetrators indicate they are typically smooth talkers who know how to build trust and faith in their victims (Finerman, 1995). Consider the vulnerabilities for retailers operating with a single employee opening, closing, and covering the store during lunch hours. This has always been a common practice of sole proprietorships. But, as reported in the September 1996 issue of Stores, pressures to cut costs have made this an increasingly common practice in US shopping malls and strip center stores (retail stores congregated next to each other with high visibility on a well-traveled street or highway). 3 Incidences and Impacts of Fraud Thirty percent of small business failures are due to employee dishonesty (Calhoun and Luizzo, 1992). These failures are painful, to say the least. What makes them real tragedies are the facts that two-thirds of small businesses begin with less than USD$10,000 total capital and nearly fifty percent begin with less than USD$5,000. According to the United States Government’s Small Business Administration (SBA), this equity capital is usually provided by the owner, the owner’s family, and the owner’s friends. Fraud and employee dishonesty could essentially wipe out the small business owner’s life savings, livelihood, hopes, and dreams. The February 1995 issue of the Ohio CPA Journal reports that fraud costs the American economy at least $186 billion annually and is becoming the crime of choice for the 21st century.” According to the U.S. Chamber of Commerce, employee embezzlement could reach $40 billion annually (Trumfio, 1995). Other studies estimate the cost of economic crime at $114 billion and that eight dollars are lost to internal crime for every one dollar lost to external crime (Calhoun and Luizzo, 1992). Why the wide range of estimates? The Association of Certified Fraud Examiners (ACFE) says the cost of fraud is difficult to quantify for several reasons. One reason is that not all fraud is uncovered and not all fraud that is discovered is reported. In reported cases, the information gathered is often incomplete and perpetrators are often not charged because criminal or civil action is not taken by the employer. The ACFE’s 1996 Report to the Nation on Occupational Fraud and Abuse was the culmination of a 21/2 year long study of the details of actual cases of fraud and abuse collected from the experience of 2,608 Certified Fraud Examiners (CFEs). Their study was not the first to consider fraudulent employee behavior, but was the first to attempt to estimate the cost of fraud by polling experts in the field. The ACFE study provides the following cost of fraud statistics that should be of particular interest to small business owners/managers: Average organizational loss to fraud is greater than $9 a day per employee. A 1992 survey of more than 1,000 supermarkets found the average amount of employee theft alone, abuse excluded, rose from $44.72 per employee in 1989 to $168.48 in 1992. Transactions involving cash and checking accounts are far more susceptible to misappropriation than all other assets combined. The most common account affected by fraud and abuse is cash, while fraud in accounts receivable, services, and inventory result in the highest median losses. The ACFE study found a direct correlation between age, sex, and position and median loss due to fraud and abuse. The most predictive variable concerning the amount lost is the perpetrator’s position in the organization. As a general rule, men and older employees have higher positions and more access to assets that come with those higher positions. In the cases studied by the ACFE, median losses by nonmanagers were $60,000, by managers $250,000, and by executives and owners $1 million. Other interesting statistics about fraud perpetrators revealed by this study are: Losses from fraud caused by managers and executives were 16 times greater than those caused by nonmanagerial employees. Losses caused by perpetrators 60 and older were 28 times those caused by perpetrators 25 or younger. Losses caused by perpetrators with post-graduate degrees were more than five times greater than those caused by high school graduates. Losses caused by men were four times those caused by women. Married employees committed greater number of frauds and caused the highest median losses. In his article Fraud Happens: “A Primer on Lying, Cheating, and Stealing,” Arthur A. Hayes, Jr. says there are three types of people in the world.” The first type are those who would not steal anything. Hayes says this group is extremely small, getting smaller, and can be thought of as corruption impaired.” The second type are those who would steal given the right circumstances. This large category Hayes calls opportunists” are willing to take more risk as the dollar amount to be gained increases. The third category are predators who may have started as opportunists, but then found they could not stop stealing. Hayes calls these people gifted” and claims under the right circumstances anyone can become fraud gifted.” As personal needs increase, the truly motivated criminal will find ways to circumvent even fairly well-designed internal control structures (Hayes, 1995). Another study reported in the HRMagazine (December 1995) found that white collar professionals are perpetrators of crime on the job more often than most people would like to believe. The results of this Reid Psychological Systems survey of 200 U.S. executives, managers and other professionals point to a potential degradation of business ethics among the professional workforce. Sixty percent of those surveyed admitted abusing company property, 35% admitted misrepresenting the truth to clients, customers, and fellow employees, and 20% admitted to padding business accounts. Seventy five percent of the survey respondents were male college graduates earning at least $50,000 annually and 37% had been on the job at least 10 years. Joe Wells, chairman of the ACFE, says fraud is a crime of older perpetrators (Miller, 1997). Because the population is aging, a large portion of fraud can be explained by demographics. The SBA reports that jobs generated by small business firms are more likely to be filled by older workers, because many older workers prefer to work part-time and small business can accommodate their preference. If Wells and the SBA’s statistics are correct, small businesses are particularly at risk of fraud. Results of a study by Judith Collins and Frank L. Schmidt (1993) published in Personnel Psychology, Inc., suggest a broad factor of social conscientiousness” may underlie the propensity for white collar criminality. Collins and Schmidt examined the construct validity of personality scales, a personalitybased integrity test, and homogenous biodata scales as predictors of white collar criminality. They sampled 365 prison inmates incarcerated for white collar offenses and 344 people employed in upper level positions of authority. The study produced a large difference between the two groups. It revealed offenders as having greater tendencies toward irresponsibility, lack of dependability, and disregard for rules and social norms. Collins and Schmidt contributed these large and measurable psychological differences to an underlying construct of social conscientiousness. Two more explanations for employee theft and abuse particularly relevant to small businesses are provided in the ACFE’s study. In 1970, criminologist Donald Horning surveyed the attitudes of employees at an industrial plant and found an informal system whereby a variety of company property was viewed as being of uncertain ownership. These small, plentiful, inexpensive materials, components, tools, and supplies were taken without arousing feelings of guilt on the part of the employees. Such pilferage of plant property was not seen as stealing, but as taking things from the plant.” James Patterson and Peter Kim studied employee theft and abuses as part of a larger study. Their 1992 research concluded that as many as one half of U.S. workers believe that the way to get ahead in business is through politics and cheating. 3 Fraud Prevention and Detection In the April 1997 issue of Nation’s Business, Robert Gray says small firms are especially susceptible to employee theft and fraud, but there are defenses that can lessen the problems. He categorizes small business owners’ fraud and theft defenses into three general categories: Employee screening, internal controls, and prevention of computer related thefts. Small business owners/managers need to be alert to the new opportunities computers have created for people to commit fraud and take measures to institute security controls that keep pace with changing technologies. Price Waterhouse’s in-house group of security experts believe that companies can take these precautions to prevent computer-based fraud: Companies having recently experienced a large turnover, downsizing or layoffs are more at risk for fraud than a company with a stable history. People who have been let go may be upset and might be looking to disrupt processing or steal information. Another risky period occurs when a company implements new technology. The company should make sure the proper security controls are in place. One of the first things to do to prevent fraud is to segregate the duties of those in risky positions to prevent collusion. The company should have a way of recording daily transactions. A logging system should produce a hard copy record of daily events that can be sued to discover if fraud has occurred. The Price Waterhouse security experts also say the most effective way to combat computer hackers is by having employees choose system passwords that aren’t easy to figure out. Passwords should not be combinations of the employee’s first name and last initial or birthdays, but need to be phrases not easily guessable and not in the dictionary. Employees must also be told to use caution in revealing their password to anyone. The weak link in a security system often turns out to be the unsuspecting employee who is tricked into giving out their password. Because many organizations, both small and large, lack the expertise required to investigate fraud and because of the increase in occupational crimes, accountants have been expanding their traditional services to include services directed specifically at detecting and investigating cases of fraud. Small enterprise clients with no formal internal audit or security departments might ask their CPA to act as the company’s internal audit department. However, if there is predication of fraud and depending on the magnitude of the problem and the CPA’s judgement, the CPA might recommend that a private investigator with fraud/security management expertise be retained to assist in or conduct the investigation (Calhoun and Luizzo). These special investigators are forensic accountants and fraud examiners. Forensic accounting has been around for several decades, but the cost of fraud over the past ten years has prompted an increasing demand for such services. Forensic accounting employs accountants who know how to look beyond the financial statements for clues to criminal wrongdoings and law enforcement workers who bring street-smart investigative skills to the boardroom (Miller, 1997). The field of forensic accounting includes fraud auditors and examiners who use accounting records and information, analytical relationships, and an awareness of fraud perpetrators and concealment techniques to bring a proactive approach to detecting financial fraud. According to the November 11, 1991 issue of U.S. News and World Reports , the fields of forensic accounting and fraud examination are two of the fastest growing professional fields in the 1990s. What are the differences between external audits and fraud audits/examinations? According to the Association of Certified Fraud Examiners (ACFE), one major difference is that external audits are conducted on a routine basis while fraud examinations are generally adversarial in nature and conducted only when there is predication that fraud has, is, or will occur. The ACFE defines predication as the totality of circumstances that would lead a reasonable, professionally trained and prudent individual to believe a fraud has occurred, is occurring and/or will occur.” Predication usually arises from managements’ investigations of anonymous tips and complaints, behavior or lifestyle changes of employees, or internal control weaknesses. Another difference the ACFE identifies is that external audits are aimed at systems and procedures while fraud examinations are aimed at persons violating criminal or civil laws. In her article the Auditor and Fraud” published in the April 1997 issue of the Journal of Accountancy, Jane Mancino discusses the new auditing standard SAS No. 82 and makes these distinctions between external audits and fraud audits. The objective of an independent external auditor in an audit in accordance with Generally Accepted Auditing Standards (GAAS) is to express an opinion on how fairly the financial statements are presented in all material respects. A fraud audit is a separate engagement, typically a consulting service, that is conducted when there has been an allegation of fraud or fraud has been discovered. The fraud examiner or forensic accountant is called in to gather evidence or act as an expert witness in connection with legal proceedings. He or she does not give an opinion on the financial statements. In their book Fraud Auditing and Forensic Accounting, G. Jack Bologna and Robert J. Lindquist (1996) give a detailed comparison and contrast between external financial audits and fraud audits. According to these authors, financial auditors focus on the financial transactions themselves. Fraud auditors dig deeper and concentrate on the behavior underlying the financial transactions. The financial auditor relies extensively on internal controls in determining the nature, timing, and extent of the audit process. In contrast, fraud auditors look at how the internal control system could be circumvented. Financial auditors use standard audit programs, while fraud auditors need freedom to use their imaginations. Fraud auditors think like a thief and look for patterns that don’t fit normal expectations. In response to increasing white collar crime, Joseph T. Wells, a former FBI agent, saw a need for an organization or association that promotes improved fraud detection and deterrence through education and other means. In 1988, he formed the National Association of Certified Fraud Examiners (NACFE). Because of their education, experience, and training, Certified Fraud Examiners (CFEs) are uniquely qualified to assist small business companies with proactive fraud prevention and detection programs. CFEs can assist management and owners with the design and implementation of internal control systems that allow detection of many frauds in early stages, minimizing losses to owners and other victims. CFEs are trained to possess expertise in: Examination of questionable documents Interview and interrogation techniques Report writing and assessing documentary evidence Providing expert witness testimony Evaluating the legal, social, and psychological elements of fraud Supervision and direction of fraud examinations and investigations 5 Conclusion The ACFE predicts that with the expansion of computers, business losses due to fraud will increase. As people become more computer literate and computers more accessible and affordable, small businesses should be alert to the numerous short-term opportunities for fraud created by systems under development (KPMG Peat Marwick, 1996). Users and technology are expanding with leaps and bounds. Yet, computer security measures have not kept pace with changing security needs. Analyses of access control systems require expertise, time, and are very expensive. But just as technology can be used for fraudulent purposes, it can also be harnessed to combat fraud,” says MacErlean (1995). Steve Albrecht (Beltran, 1997) also maintains that the future of fraud detection will rely on technology and the computer programs to detect it. Applications of artificially intelligent technologies are already making computerized fraud detection possible. References [1] Beltran, L. CPAs Told to Dig Deeper for Lying, Cheating, Stealing. Accounting Today, (1997).11(2), p12. [2] Collins, J. M. and Schmidt, F. L. Personality, Integrity, and White Collar Crime: A Construct Validity Study. Personnel Psychology, (1993). 46(2), p295-311. [3] Finerman, S. Understanding Fraud and Embezzlement. Ohio CPA Journal. (1995). 54(1), p37-40. [4] Hall, J. J. How to Spot Fraud: Putting A Squeeze on Theft. Journal of Accountancy. (1996). 182(4), p85-89. [5] Hayes, A. A. Jr. Fraud Happens: A Primer on Lying, Cheating, and Stealing. Government Finance Review, (1995). 11(6), p7-11. [6] Martinez, M. N. Studies on Workplace Crime Question Business Ethics. HRMagazine,(1995)40, 16-19. [7] Miller, T. L. Ex-Cops, Prosecutors Find New Careers With CPA Firms. Accounting Today, (1997). 11(5), 16+. [7] The Latest Developments in Fraud Detection. KPMG Peat Marwick. (1996). 6pp. [8] (http//www.kpmg.co.za/irm/storyl.htm). Accessed Feb. 9, 1997. [9] Trumfio, G. Are your Salespeople Stealing Your Profits? Sales & Marketing Management, (1995). 147, p33-34.
