January 28th, 2021

MIM Fellowship Case Study - Mima Hillier

Fraud Prevention

FRAUD AND FRAUD PREVENTION IN SMALL/MEDIUM SIZE COMPANIES

Mima Hillier – TTHCurzon Relocation mima.hillier@tthcurzonrelo.com

 

INTRODUCTION

 

We are all aware of fraud whether it is taking place in large corporations (Enron, WorldCom, NatWest) which have been defrauded of millions, or individuals who have been defrauded of their savings through online dating sites. These two samples will get the headlines in the world press. Less newsworthy is the fraud taking place in small to medium sized enterprises (SME’s), even though 32% of all the corporate fraud is taking place in small companies[1]. This is completely unrelated to the industry sector, or the number of the employees the company has, which means that the relocation sector is not immune for fraud. The reasons why small businesses (and there are many in the relocation sector) are most vulnerable to fraud and suffer a disproportionate loss when compared to larger companies is the lack of internal controls in which accounts don’t have to be audited by law, as well as the fact that accountants concentrate mainly on year-end accounts and are often outsourced, instead of continuously checking that the internal controls are working (i.e. no internal audit teams).  Finally there is the ‘we are too small for fraud’/’we are all friends in the office’ attitudes of small company owners which leaves the door open for fraud.

Due to Corona Virus pandemic and courts being closed since spring 2020, the latest figures relating to fraud are from 2019. KPMG Fraud Barometer (2019) recorded 102 cases of alleged insider fraud for 2019 with cases of fraud by management and embezzlement both up. There was also a six-fold increase in the number of alleged procurement frauds appearing in court, usually involving fake invoices. Six cases worth over £16 million appeared in court in 2019 compared to £2.9 million in 2018. Management and employees represented 43% of perpetrators by volume in 2019 compared to 39% in 2018. (please note these are only the cases which have gone to court[2]

Simply stated, fraud prevention is cheaper than fraud detection. On average the typical fraud scheme takes 18 months or more to detect. Once a fraud is discovered the victim company may incur additional losses in terms of legal expenses, bad publicity, lower productivity and morale. Often the stolen or embezzled funds are not recovered. Therefore, it is vital for companies to take proactive steps to prevent fraud[3]

 

The case study I will present is a classic example where tighter internal controls could have prevented, or at least have lessened the loss for the company. It also gives a ‘real life’ example of a fraud that is committed by various individuals in multiple layers of the organisation for their own individual gain.

 

 

 

PURPOSE

The purpose of this paper is to raise the awareness in the relocation sector about internal fraud in small businesses, the psychology behind every fraud and finally how to prevent the fraud through internal controls in the first place.

The company culture has an impact on everything everybody does in the business, and moreover the way the employees think. Hence it also has an impact on fraud prevention. A company having a democratic approach will have high levels of trust in the organisation, but at the same time high levels of accountability reinforces the tendency to hide mistakes and errors and also rewards based on performance, encourage aggressive accounting practices and ‘creativity’ to improve results or hide losses, whereas a very bureaucratic approach makes fraud more difficult through tight rules (which can also result in whistle blowers)[4]To combine the two approaches to empower employees to succeed within tight rules could be the quick answer to minimise the risk of fraud. To be able to create tight enough internal controls, the company must understand its own systems and think ‘how’ someone could overcome those. However, the company should not only build internal controls to prevent fraud, but the internal controls should be there (in the first place) to assist and ease the everyday running of the company. They monitor and control both day-to-day transaction processing and security of assets.  Once the internal controls are in place, fraud prevention becomes far easier.

In this paper we are looking at the sample of internal controls in the accounts function of SME which are universal and can therefore be applied in relocation companies.  The aim for these is to prevent mistakes or misstatements so that financial information is reliable and operations run smoothly. All within the rule of law.

To discover a fraud and indeed to prevent it, you need to understand why a person is doing it. There are different ways to de-fraud a company, but in most cases the aim is personal gain.   This comes under the psychology of fraudster, which I will dissect using Cressey’s Fraud Triangle which provides a useful framework for companies to analyse the vulnerability to fraud and unethical behaviour.  It also it explains the psychological triggers behind the actions. In almost all cases all three elements of the triangle must exist for an individual to act unethically. If a company can focus on preventing each factor, it can avoid bad behaviour.

 

 

 

 

 

 

 

 

 

INTERNAL CONTROLS

To build internal controls, as mentioned before, the company needs to understand the ‘why’ and ‘how’ a fraud is/can be committed in an organisation. The most common areas of fraud are: cash sales (cash comes in but the transaction is not recorded), fake purchase bills (including homesearch consultants and other subcontractors, purchase of materials etc), expense claims and payroll. Hence I’m concentrating on the internal controls in the accounts function.

Some commonly used internal controls[5] are as follows:

  • Segregation of duties – no one person should be responsible for the recording and processing of a complete transaction
  • Organisational controls – organisational chart which illustrates the internal responsibilities of management and staff; allocation of responsibilities, reporting lines
  • Authorisation and approval - who approves purchases and what are the monetary limits before further authorisation is required
  • Personnel – HR policies including recruitment

 

When setting up any controls/ targets in the company they need to be accepted by the staff. One way of doing this is to create them using the SMART principle (Specific, Measurable, Achievable, Relevant and Time-bound).[6]The controls being SMART produces evidence that the controls are effective, and also will ease the day-to-day workings and increases motivation of the employees.

Personnel issues (hiring, retaining and firing) form a big part of the company, but I have not included those in this paper. As research shows the profile of a fraudster within a company is somebody who has been with the company 10-15 years ie not a new recruit and are not instinctively bad people and research into convicted fraudsters, shows that they often offend for the first and only time. [7]

 

 

 

 

 

‘WHY GOOD PEOPLE DO BAD THINGS’ - FRAUD TRIANGLE

 

 

Image removed.

 

Image 1 Fraud Triangle Cressey [8]

Fraud is the obtaining of financial advantage or causing of loss by implicit or explicit deception; it

is the mechanism through which the fraudster gains an unlawful advantage or causes unlawful

loss[9]

Sutherland came up with the term ‘white collar crime’ in 1940s, Donald Cressey took this further in ‘50s and created a Fraud Triangle to demonstrate the environmental and personal factors for an individual to commit fraud. In many cases, especially relating to SMEs individuals who commit fraud do so because they have a perceived need which they feel they cannot share. In this instance the fraud itself becomes solution to a problem rather than being a problem[10]. In larger organisations where internal controls are more regulated, the fraud often involves more than one person (complexity of fraud) and requires planning. However, it will still need the ‘pressure’ of an individual to do so; a manager has good intentions of solving a financial problem but is acting unethically and manages to persuade a colleague/s to be part of the fraud and they willingly took part because ‘they liked him’ (Toby Groves – Mortgage company owner in the USA,  committed US $7 million fraud).

 

According to Cressey, all three parts of fraud triangle are as follows and must be present:

  1. PRESSURE

Pressure is the perceived need an individual has which he/she cannot share. This pressure does not need to necessarily make sense to outside observers, but it does need to be present. There are many pressures that could push someone into committing fraud, these could include money problems, alcohol or drug / gambling addiction, the list is endless. The most researched pressure point is ‘greed’. When greed is the trigger that will put enough of pressure for person to commit fraud. What drives a person to commit fraud? Albrecht concluded that white-collar crime is ‘beat the system’ type rationales, whereas study done by KPMG clearly concludes in line with Cressey’s fraud triangle that ‘Greed and opportunity are indicated to be the overriding motivation for fraud’. This is especially case in SMEs.  

 

  1. RATIONALISATION

Before an individual commits a fraud he/she need to rationalise it.  Most people do not commit fraud with the mindset that what they are doing is wrong. There must be a discrepancy between person’s beliefs and behaviours present. In most cases the fraud becomes the solution to a personal  problem rather than a problem. Cornish and Clarke developed a hypothesis based on the idea of crime as a rational choice. (Rational choice perspective)[11]. This will suggest that people committing fraud will make a detailed plan for the crime and then execute it accordingly. Perhaps that is the case when fraud takes place in the larger corporations, when in monetary terms the fraud is larger and often more complex, therefore it requires careful planning and more than one person to commit it. Whereas during my forensic investigations I have come across opportunist fraudsters (i.e. once the opportunity rises the individual will act upon it) who act first and then rationalise it. Especially in SMEs the opportunist approach seems to be more logical. My findings and conclusions are in the case study in chapter 3; Employee A figures out that one of the directors is ‘embezzling’ company funds (purely for his own gain), which gives Employee A an opportunity and basis on which to rationalise his own acts (‘if the director does it, then I can do it too’ attitude). This is a prime example of corporate culture gone bad.

 

  1. OPPORTUNITY

 

An opportunity to commit the act must be present. In the case of fraud, usually a situation arises where there is a chance to commit the act without a high chance of being caught. Often an individual will “try their luck” with a smaller crime and if this goes unnoticed will continue to commit fraud over a period of time. Companies that are not actively working to prevent fraud (with internal controls) can present repeated opportunities to individuals who meet all three criteria of the fraud triangle. Quoting loosely Kurt Lewin (1936) fraud is a result of an interaction between a motivated offender and a criminal opportunity[12]

 

 

 

 

CASE STUDY

 

One of the two directors of ABC limited contacted me on behalf of the board in May 2017, to carry out an investigation on their company’s accounts due to some suspected irregular accounting activities. They estimated that in the region of £180k has been wrongly accounted for/gone ‘missing’.

The company in nutshell:

  • Two owners/directors (Dir1 ad Dir2)
  • Managing Director (MD)
  • Management Consultant (MC)
  • Accounts Manager (AM) – accounts department had 3 employees.
  • Company A – Main company had shared ownership of:
  • Company B which was a holding company of
  • 4 Subsidiary companies each with minimum of two bank accounts £ and $
  • 48 Employees
  • Turnover £22m
  • Services/manufacturing, with R&D department. Usual to have large upfront costs/ large investments before project starts

 

The company’s accounts manager presented the Management Accounts to the MD and Board on time. The accounts were prepared by the AM. The company culture was very nurturing/empowering and democratic, all the employees were encouraged to take responsibility on their own work and a lot of autonomy was given to them. The company was operating and managing big projects in three different countries at any given time, which meant that the two directors were often ‘out-of-office’ and the management responsibility was rightly left to the MD. In addition to the time spent abroad, Dir 1 was on sick leave after an operation, a year before I was called in.

The MC had been with ABC for 2 years at this point. He was contracted to give support to Dir1 and Dir2, oversee the running of some larger projects and streamline some of the internal processes.

As is common in owner managed companies, company ABC ltd placed a good deal of trust on the manager of the accounts department (AM) who at this point had been with the company for 14 years.  Over time this resulted in no or little emphasis on internal controls. (the characteristics of a fraudster)

Company’s internal controls (Accounts Department) were:

  • To ensure that all the transactions are executed with proper authorisation – the AM was able to authorise and make payments up to £5k. Anything above it had to have 2 directors authorisation
  • To ensure all transactions are promptly recorded in the financial records – the AM and two accounts clerks were in charge of payroll, recording the transactions, reconciling the accounts and producing management reports
  • Segregation of duties – AM in charge of payments and payroll and the others in recording the transactions. But this was not clear enough.

 

The quickest way to start to understand the ‘water tightness’ of the internal controls at ABC was to go through each transaction over £5k, and ask to see the two directors’ authorisations. It became evident that especially during Dir 1’s sick leave (1.5 years prior to this point) , there were large numbers of transactions over £5k with only Dir 2 approval  and accompanied with an email from the MC to say ‘this is urgent and payment needs to go out today. I will speak to Dir1 but it is ok to pay now’ and later on, typically late Friday afternoon emails such as ‘£35k to below bank account ASAP. Use xxx as reference. This is a first payment.’ With no sign of any directors authorisation.

It became evident that the fraudulent payments took place when Dir 1 was abroad, and the amounts per transaction and the transactions themselves became more frequent whilst he was on sick leave.  In total the MC embezzled around £1.1m during a 20 month period.

Whilst the investigation went on it resulted in following findings:

  • Dir 2 was also part of the fraud (fraud committed by director is a separate issue which not included in this paper)
  • The MC found this out and basically started to do the same with Dir 2 ‘approval’ (that he wouldn’t disclose Dir2 to the board)
  • None of this could have happened without the help of AM. Dir2 and MC ‘recruited’ AM to help them; only asking for authorisation from Dir2 and/or MC (who at no point was an employee of the company); took book keeping function back from the two clerks; started to use one of the subsidiaries’ bank accounts (that subsidiary wasn’t billing at this point) to move money around and not recording it properly as per MC’s instructions etc.

 

The mechanisms used were:

  • Fake bills/payment references, such as
  • AM created 6 invoices in her ex-partners name with her own bank details for ‘maintenance work’ totalling £15k in an 8 month period; booking company travel using her own credit card, and also booking her holiday travel with the same card and claiming both back from the company (over £20k was her own travel over 2 years)
  • the MC ‘authorised’ a payment of £180k to solicitors (to pay back his personal loan). duplicating the valid company reference used for an earlier legit legal payment).
  • other fake invoices with a very similar name of approved supplier but different bank account details for example BIT1 instead of BIT
  • Moving money to a ‘redundant’ company account and paying fake bills through that

 

The money the company lost was never recouped. The local police were reluctant to help, citing complexity and scale of the fraud, therefore the matter was given to Serious Fraud Office (SFO) who after a brief examination of the case concluded that the likelihood of a successful prosecution was minimal since the culprits’ actions could not be considered as a conspiracy to defraud, given that each could legitimately blame the other. The MC was never charged since he disappeared after my investigation started.

Using Cressey’s fraud triangle the MC had the pressure (believed to be large gambling debts), was able to rationalise his behaviour (‘I can do it because the Dir2 is doing it’) and had the opportunity (Dir 1 away from the office). He also had the characteristics of a fraudster: very friendly (building trust) but never familiar (didn’t let people get close to him), narcistic and big ego (he considered himself to be one of the directors and behaved that way), and was also a middle aged man, who according to various research shows that they are the most common culprits[13]. KPMG’s research ‘Psychology of the Fraudster’ (2007) shows that the typical fraudster is likely to be a middle aged senior male manager with experience and authority.  According to KPMG’s 2019 Fraud report this is still the case but the number of female offenders is on increase

 This can be considered as classic case, since the fraud took place over a 20 month period (research shows it happens in average in 18 month period). The only discrepancy in this case to the research on fraud is the fact that it transpired that the MC had done this before when his targets had been at least two companies ie at this point he could be considered a career fraudster rather than first time offender. Only when contacting the SFO, ABC was told that MC is ‘known’ to them. Before he is caught and charged his record stays clear, and none of the crimes he has committed is in the public record.

The AM also had the pressure (broken relationship, need for accoutrements of success such as nice holidays, car etc), rationalisation (‘the MC is a likeable man, and I’m just helping him’ and later on ‘because Dir2 and MC are doing it, so can I’) and the opportunity (being in charge of all the accounts function ie managing to dismantle the segregation of duties and was very trusted after 14 years with the company)

 

 

CONCLUSIONS:

 

It is hard, for especially small companies who often create a nurturing, empowering, ‘we are a family’ culture to then have to take actions by setting up internal controls to prevent it becoming a target from an enemy within. But it is even harder to get to grips with the fact that one of your trusted employees have embezzled the company money. And that person, is most often the most trusted long serving employee ie not a new recruit. But once answering the questions of why and how, you unconsciously have also taken the first step of fraud prevention and stopping giving fraudsters repeat opportunities to reoffend.

The internal controls analysed are universal for accounts departments, which can be put in place and implemented in any relocation company regardless of the number of the employees. They will not change the overall company culture, instead will streamline the accounts function by creating clear remit for each individual.

Fraud constitutes a third of all crime in the UK (Mark Thompson UK Investigations Director at KPMG. formerly the Chief Operating Officer of the Serious Fraud Office). Especially now when there is uncertainty in the economy can pressure good people to do bad things. Therefore the better internal controls the company has, acknowledges that fraud can happen anywhere and is ready for it, will lessen the opportunities for anybody stepping into the dark side.

 

 

 

 

Bibliography:

 

ACPO (The Association of Chief Police Officers) 2011; The Nature, Exptent and Economic impact of Fraud in the UK

Cornish, Derek B and Clarke Ronald V: The Reasoning Criminal: Rational Choice perspectives on Offending; 2014 Transaction Publishers

Cressey, Donald R; Other People’s Money: A Study into social Psychology of Embezzlement. Glencoe Ill; Free Press 1953

Doran, G. T. (1981). There’s a S.M.A.R.T. Way to Write Management’s Goals and Objectives. Management Review, 70, 35-36.

Gagliardi, Chris CPA 2014: The Reality of Fraud Risk, The CPA Journal April

KPMG  2019; The Fraud Report

KPMG 2007;  The Psychology of Fraudster

Laufer, Doug : Small Business Entrepreneurs: A Focus on Fraud Risk and Prevention. American Journal of Economics and Business Administration. 2011

Sutherland, Edwin 1949; White Collar Crime

Taylor, John 2011; Forensic Accounting

 

 


[1] Gagliardi, Chris CPA 2014: The Reality of Fraud Risk, The CPA Journal April 11

[2] KPMG Fraud Barometer 2019. P6

[3] Doug Laufer: Small Business Entrepreneurs: A Focus on Fraud Risk and Prevention. American Journal of Economics and Business Administration. P 402

 

[4] Taylor, John 2011; Forensic Accounting p.105

 

[5] Laufer, Doug : Small Business Entrepreneurs: A Focus on Fraud Risk and Prevention. American Journal of Economics and Business Administration. 2011

[6] Doran, G. T. (1981). There’s a S.M.A.R.T. Way to Write Management’s Goals and Objectives. Management Review, 70, 35-36.

[7] Taylor, John 2011; Forensic Accounting p 132-133

[8] Doug Laufer: Small Business Entrepreneurs: A Focus on Fraud Risk and Prevention. American Journal of Economics and Business Administration. P 402

[9] ACPO (The Association of Chief Police Officers) 2011; The Nature, Extent and Economic impact of Fraud in the UK p.9

[10] Cressey, Donald R; Other People’s Money: A Study into social Psychology of Embezzlement. Glencoe Ill; Free Press 1953 p.191

[11] Cornish, Derek B and Clarke Ronald V: The Reasoning Criminal: Rational Choice perspectives on Offending; 2014 Transaction Publishers p x

 

[12] Cornish, Derek B and Clarke Ronald V: The Reasoning Criminal: Rational Choice perspectives on Offending; 2014 Transaction Publishers p xi

 

[13] Taylor, John 2011; Forensic Accounting p.132-133

 

Previous Article