Generally speaking, there are only a few operational areas within a manufacturing and distribution (M&D) company where employee dishonesty involves the theft of money. These hot spots – cash and payment operations, accounts payable, payroll and purchasing – are key areas of focus in the theft prevention process. They are often short staffed due to tight budgets, and in an effort to save money, management overlooks the real danger of theft that can occur where few employees cover sensitive jobs. The danger is further compounded when one or two trusted employees have administrative access and password control to manipulate the accounting system, as well as control over financial reports.
The system and plan to prevent employee dishonesty rests on an effective internal control system, which is uniquely tailored to every business. The following six areas deserve special attention when planning a system to prevent employee dishonesty:
1. Inventory Manipulation
Inventory is the most vulnerable asset for fraud in the M&D industry. It contains a variety of SKUs, can be obscured with empty boxes and disguised with complicated accounting manipulations. In addition, it can be difficult to “count” raw materials. Management should suspect a problem when cost of goods sold is out of control, when there are numerous stock shortages and a higher than needed order rate. While periodic inventories are a useful tool, they are often staffed by the same employees who are in the best position to perpetuate a fraud.
2. Accounts Payable
Ghost vendors are a common problem. A clerk who has control over both the creation of a vendor in the payables file and the payment of invoices can easily create a vendor, receive fake invoices for common goods or services, approve the invoice and pay the bill. Checks can be sent to the employee’s address or saved for special handling and pick up. Often each invoice is for a small amount, but over time, the total amount stolen can be substantial. Accounts payable personnel in cooperation with receiving and shop employees can work together to mask such a plan over many years. Vendor master lists are rarely reviewed independently and inactive vendors are not properly closed if there has been no activity for six months to a year. These inactive vendors are an easy target for the fraudster.
Ghost employees are also a frequent problem in the M&D industry. A clerk having the control to establish an employee, pay regular payroll and make changes to the master file, can easily create a false employee, increase amounts or fail to terminate an employee. Checks can be sent to an address or held for special handling and pick up. Once a false employee is created, benefits can also be funneled to the entity. Payroll registers are rarely reconciled between pay periods by an independent person or reviewed against a simple list of verified employees.
4. Check Tampering
M&D companies frequently pay their bills on the same day each week and these payments are mailed in window envelopes complete with the company logo. If these are mailed at a post office, criminals wait to pick these envelopes from the drop box. A check can be retrieved, altered and cashed, and the criminal now has the template to cash many more.
5. False Reimbursements
A good employee reimbursement system should include prior approval for large expenditures and enforcement of submission of receipts as proof of purchase. Generally, expense reimbursement forms are treated as a clerical nuisance and are rarely reviewed with appropriate care. The extra pay that some employees receive as a result of sloppy review can be substantial.
6. Vulnerable Computer System
Many software systems were purchased more than five years ago and have inadequate security to keep out cyber intruders. It is a big business to enter a system for identity theft, but more importantly, to steal contracts and valuable intellectual property. Devices can be embedded in the system that go undetected for many months and sensitive information can be extracted without the knowledge of the system operator.
While fraud cannot be prevented completely, the risk can be easily mitigated by:
- Devoting time to mapping the current system,
- Identifying the places where fraud would most likely occur,
- Performing a few simple tests to see if fraud is occurring and
- Redesigning the control system to close these gaps.
Additional ways to combat fraud include:
- Sensitive duties should be separated among employees
- A system of surprise internal audits and reviews should be implemented
- Employees should be cross trained and rotated among jobs
- Vacations should be highly encouraged to be taken
- Technology must be as secure as can be afforded
- A managed service model where an outside vendor performs certain information technology (IT) functions and hosts the files in a highly secure environment is an affordable option.
The greatest benefit to making an investment in controls is that staff will know management is vigilant. Only the boldest fraudster will continue stealing from the company while the boss is watching.
Disclaimer: This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.