Dealing with stealing | Taking steps to minimize the risk of employee theft at Maine companies and organizations

BY BOB BROWN, certified fraud examiner and PARTNER, The CPA Solution LLC, Bangor


Over the past few years, many Maine companies, municipalities and nonprofit organizations have had something in common: theft. From $200,000 embezzled from Provencher Fuels Inc. in Biddeford to the Calais School Department losing $197,000 to employee theft, stealing has become an unpleasant fact of life for many companies and organizations.

Fact is, long gone are the days that CEOs, owners and board members could leave their organization's internal workings to the bookkeepers, accountants and auditors. Today's reality is that those at the top must take responsibility. Whether nonprofit organizations, municipalities, small businesses or large corporations, the fiduciary responsibility to properly record, protect and use the assets of the organization has crept into corner offices and boardrooms across the country.

Sure there are some factors that have pushed this trend along — most people think of Enron and Sarbanes-Oxley. But the real reasons are much closer to home: Provencher Fuels, Vessel Services Inc. in Portland, Winslow Aluminum in Vassalboro, Dysart's in Hermon, Adoptive & Foster Families of Maine in Old Town, the Maine office of the National Alliance on Mental Illness in Augusta — the list goes on of organizations that recently experienced theft by an employee.

On the surface it may seem that the organizations above have nothing in common. Part of that is true. They are private businesses, nonprofit organizations and municipalities. The employees caught stealing were men and women, old and young.

Not surprisingly, the common theme here would be trust — trust and the ability to work within an environment that was not constructed to prevent, deter or timely detect fraud.

How does this happen? And how can it be prevented?

How it happens is relatively simple. In many cases, it was a simple case of theft, not a large conspiracy of deals and entries to cook the books like in the case of Enron. Like many cases that are brought to light, it's mostly a case of no one watching: The guilty parties were trusted, so they simply wrote the checks to themselves, increased their paychecks or paid for personal expenses directly from the company's checking account.

As shocking as it is to read about these types of cases, it is nothing compared to the shock felt by the victimized organizations. Right up until the problem was discovered, the organization probably fully believed none of its employees would steal, especially those employees responsible for handling the books or cash.

So are those who commit fraud evil people set out to destroy an organization?

Hardly. The truth is that in the vast majority of cases the fraudster does not have a criminal record. They never intended to steal or betray the trust placed in them. The dirty little secret is most of the time these people became desperate due to circumstances they felt were out of their control. Family illness, unemployment, addiction, or a sudden credit crunch all can play a critical role in turning a trusted employee into a desperate employee.

Let's face it, even if the embezzler had all the intentions in the world of paying back the "borrowed" funds, they would never even consider this path, unless the system they were working in allowed them to fully believe it would be their little secret and no one would be the wiser.

So what are some keys to developing an internal control environment designed to prevent, deter and detect fraud in a timely manner? Below are just a few items that should be addressed in all organizations, regardless of size or type.

• Ensure that sole trust and responsibility is not placed on a single person

• Review bank statements for suspicious activity

• Verify that payments received agree with bank deposits

• Personally sign all checks after examining backup support, including invoices, delivery slips, etc.

• Know your vendors — and know when new ones are added

• Develop a fraud policy and adhere to it at all levels. Employees look to senior managers, CEOs and directors to determine what type of activity is acceptable, so don't underestimate the "Tone at the Top" of an organization

• Require employees to take their vacations — it not only ensures a mental break for your dedicated employees, but it also ensures that someone else must perform at least some of their duties while they are out

• And finally, engage a professional CPA or Certified Fraud Examiner to specifically review your internal controls. The piece of mind and protection that a fresh set of professional eyes can give will pay dividends for years to come.