Fraud and defalcation—or embezzlement—have long been two of the most frequent and egregious types of professional liability claims, and the trend does not appear to be changing anytime soon. A prime example is an embezzlement discovered in 2012 involving the city of Dixon, Ill., in which the municipal comptroller pleaded guilty to siphoning public money into a secret bank account.

When the embezzlement was discovered, it appeared to involve more than $30 million, stolen over a six-year period. But by the time the comptroller was indicted, the figure had grown to $53 million embezzled since 1990. The scheme was exposed when a co-worker was filling in during a vacation and stumbled across the secret account and multiple six-figure transactions, according to prosecutors.

Dixon, a city with an annual budget of about $20 million, was especially vulnerable because the comptroller had wielded control over all of the city’s finances for some 30 years, according to the Associated Press. Trying to explain how that much money could disappear unnoticed, the mayor of Dixon said that the town had struggled financially with reduced revenues and cash flow problems that were made worse when the state of Illinois fell behind on income tax disbursements. That provided plausible reasons to think the extra hole in the budget was related to those financial problems, he said.

Embezzlements tend to occur when there are gaps in organizations’ internal control systems. Those gaps can be created by personnel layoffs or reduced expenditures for fraud-prevention measures. Embezzlements can then further deplete an organization’s resources, fostering a self-perpetuating cycle of theft.

The good news for accountants who are expected to prevent such losses is that there are effective techniques for managing fraud risks. Some of the first rules of effective internal controls are as follows:

• Divide the financial duties among different staff members in order to provide potential checks and balances for each member. Giving one person unquestioned authority over an entire entity’s financial functions makes it even more vulnerable to fraud.

• Require employees to take a vacation for at least one week every year, and use that time to have the books reviewed for discrepancies.

• Do not be predictable in audit procedures; in adjusting to client schedules; or in announcing the timing, location or nature of the procedures.

• Make it harder for anyone to determine the mechanisms used by the auditor in detecting fraud.

• Adopt a tip hotline or complaint-reporting mechanism that will enable employees, vendors, customers and outside sources to report suspected fraud anonymously and without fear of reprisal.

• Provide employees with regular and recurring training about the detrimental aspects of fraud, so that they will be more likely to aid in controlling it.

CPAs should advise and warn clients about their exposure to embezzlement in order to help them avoid such thefts. Advice to clients about their exposure is best provided in a letter that warns about the general risks; suggests steps, such as the preceding, that clients can take to reduce the risks; and offers annual CPA services to help address the risks.

An informed client is better able to avoid defalcation, but if a theft is later uncovered, the CPA’s letter documents evidence of the warning. Clients should also be notified of “loose ends,” such as sloppy bookkeeping and late bank reconciliations.

Another effective documentation technique can be utilized when offering clients bank reconciliation services, which are prone to fraud claims. The technique involves the CPA offering two options:

• The first option comes with additional fraud deterrent services that include added protection against embezzlements if the client agrees to specific activities in cooperation with the CPA.
• The second option offers just the traditional, limited scope.

This two-tiered choice can be presented in a discussion with the client and in an addendum to the engagement letter for bank reconciliation services. The choice enables the client to make an informed decision when choosing between the two services.

Automation has also become a major factor in many embezzlement cases. The duties of receiving and disbursing funds, and reconciling bank accounts are often handled by one trusted employee who uses an accounting software program to stay on top of a lot of the entity’s financial activity.

Some small business owners believe that the accounting program contains safeguards to help protect the business from fraud, but the program, however, enables one person to control all of the business’s funds and bank accounts, thereby facilitating the perpetration of fraud. Accordingly, the separation of financial duties among different staff members is still an important risk management technique, even when accounting software is used.

Other techniques for managing risk pertaining to automation include—

• having an accounting software program expert—preferably a CPA—do the initial setup of the program to make sure that helpful features are turned on and unhelpful features are turned off;
• ensuring that access to personnel and vendor master file records is password protected and restricted by job function;
• setting up computer systems so that they create an audit trail of all changes made to the vendor master file records, including an identification of those who made the changes;
• instituting a policy in which changes to vendor master file records require supporting documentation, supervisory approval and independent review.

Fraud prevention techniques are not difficult to implement, and the costs of implementing them are much less than the costs of undetected fraud.

Ron Klein, J.D., CFE, is vice president–risk management counsel with Camico (www.camico.com). He applies his 27 years of experience in CPA professional liability issues in order to help Camico policyholders practice sound risk management.

 For information on the Camico program, contact:

Upstate:
Reggie DeJean
Lawley Service, Inc.
716-849-8618

Downstate:
Dan Hudson
Chesapeake Professional Liability Brokers, Inc.
410-757-1932

Or call Camico direct at 800-652-1772.