t is important for CPAs to understand what motivates people to commit fraud so they can better assess risk and assist employers or clients in implementing appropriate preventive and detective measures. One element common to most occupational fraud offenders, from the CEO to the rank-and-file employee, is that almost none of them took their jobs for the purpose of committing fraud—they are typically first-time offenders.
Facing that fact, one must ask the logical question: How do good people go bad? An obvious answer is greed. But many so-called greedy people do not lie, cheat and steal to get what they want. There are two separate but related theories about why employees commit fraud. The first is based on a 20-year-old Hollinger and Clark study of 12,000 employees in the workforce. It found that nearly 90% engaged in “workplace deviance,” which included behavior such as goldbricking, workplace slowdowns, sick time abuses and pilferage. On top of that, an astonishing one-third of employees actually had stolen money or merchandise on the job. (Remember: Even top executives are “employees.”)
WAGES IN KIND
The researchers concluded the most common reason employees committed fraud had little to do with opportunity, but more with motivation—the more dissatisfied the employee, the more likely he or she was to engage in criminal behavior. One criminologist described the phenomenon as “wages in kind.” All of us have a sense of our own worth; if we believe we are not being fairly treated or adequately compensated, statistically we are at much higher risk of trying to balance the scales.
A second theory about why employees commit fraud is related to financial pressures. In the late 1940s, criminologist Donald R. Cressey interviewed nearly 200 incarcerated embezzlers, including convicted executives. He found the great majority committed fraud to meet their financial obligations. Cressey observed that two other factors had to be present for employees to commit fraud. They must perceive an opportunity to commit and conceal their crimes, and be able to rationalize their offenses as something other than criminal activity.
Here are just two examples of situations in which it would have been beneficial to know what pressures were behind the fraud.
An investor spent his life savings gaining control of a 100-year-old public company that manufactured vacuum cleaners. After installing himself as CEO, the investor introduced a completely new product line. But the new vacuums were vastly inferior to the old ones, and consumers returned them to the factory in droves. Rather than credit the inventory account for returns, the CEO simply rented off-site space to store the junk vacuums. When the scheme got too big to control, the executive saw the futility of continuing the scheme, so he confessed to the authorities. Inventory was overstated by $40 million. The independent auditors were sued for malpractice, and the business folded. The CEO went to jail. Investors lost everything. The CEO’s motivation? He had hocked everything he owned to acquire the company. The auditors hadn’t—and couldn’t have—known that.
According to legend, a loyal bookkeeper for a company was denied a $100 monthly raise. The bookkeeper was incensed, so he methodically stole for the next 20 years, until he retired. His replacement discovered an amazing fact: The retired bookkeeper had pilfered exactly $100 a month—the precise sum of the raise he had requested.
OPPORTUNITY IS KEY
The lesson in these stories is that fraud does not occur in isolation. All crime is a combination of motive and opportunity . The opportunity to commit fraud is typically addressed through internal controls—if the proper checks and balances exist, it is more difficult (though still not impossible) to defraud an organization.
To deter opportunity, divide responsibility. If one person controls both the books and the assets, the ability to commit fraud is limited only by that person’s imagination. But if another employee shares a task, it is less likely a perpetrator can succeed. Furthermore, if an employee needs help to defraud an organization, opportunity is greatly reduced. It is one thing to commit a fraud by yourself, quite another to ask someone to aid in your scheme.
Some argue that internal controls are simply not enough to deter fraud. They cite two reasons: First, controls are supposed to provide only reasonable assurance. Second, there are few controls that cannot be overridden or circumvented by people with sufficient motivation.
The body of research into why “good” employees turn to fraud can be distilled into at least two important concepts. Employees and executives who feel unfairly treated sometimes believe they can right the scales by committing occupational fraud and abuse. Workplace conditions are therefore a major risk factor in predicting fraud. Also, employees faced with embarrassing financial difficulties pose a significant problem. The simple moral to the auditor is to pay attention to what goes on outside the books, too. So while you’re looking at the numbers, keep one eye and both ears open for disgruntled or financially strapped employees. It may mean all the difference in detecting fraud.
CASE STUDY: HOW A CFO PLOWED HIMSELF UNDER
Tractors—that’s what brought McKinley down. The simple but vital machines were the main reason McKinley stole $150,000 from the bank where he worked as a chief financial officer.
McKinley’s tale of woe actually had begun years earlier. He was an honor graduate from a prestigious Tennessee college with a degree in accounting. McKinley came from the right family, made a good marriage, attended the right church and went to work for the right bank. He earned his CPA. His future looked bright, but in McKinley’s opinion, not bright enough. It seems that his lineage didn’t come with a lot of money. So like many of us, McKinley decided to regularly invest a portion of his paycheck, hoping the investment would eventually bring him financial security.
Then McKinley did a very un-accountant-like thing. He put all his money in a local tractor dealership. On top of that, he borrowed all the money he could from his own employer and threw it on the pile. McKinley bragged to his co-workers about his new acquisition as evidence of his business acumen. But before long, McKinley’s investment soured. He was then faced with a dilemma: The CFO would have to tell the bank president the truth—that even though he was in charge of the bank’s money, he could not manage his own finances. The thought of admitting that, to acknowledge that he, the hotshot CFO, wasn’t all that savvy, was unthinkable to McKinley. So he concocted a scheme.
McKINLEY’S BIG IDEA
First, McKinley had to raise nearly $10,000 to get his bank note out of default. Since he helped install the bank’s system of internal control, he knew there was a simple way to override it. Specifically, as the bank’s CFO, he was the ultimate authority on journal entries. He not only reviewed the entries of other employees, but also could make them himself. Other than the bank’s regulators and external auditors, no one saw the numbers after McKinley.
To cover the money he needed, McKinley made a journal entry. The debit was to a bank correspondent account, a clearing account with lots of volume. That way, the entry was more likely to be lost in the shuffle. The credit was to McKinley’s own personal checking account at the bank. Then he made a second entry, crediting the bank’s correspondent account and debiting one of the bank’s expense accounts: consulting, advertising or other “soft” expenses.
The trick worked. McKinley got the money to cover his past due bank payments, and no one was the wiser. It may have been that the technique was a little too easy, because the next time McKinley needed money, he reverted to the same method. In just over a year, he embezzled $150,000, using some of the money to cover his debts.
McKINLEY DID WHAT ?
Greed being what it is, McKinley became very much addicted to stealing money. And like so many other addicts, he somehow lost the ability to reason. That is the only explanation for what occurred next. One of the bank’s customers accidentally paid the same note twice. When the second check came in, it was forwarded to McKinley for handling. The $6,000 check sat on McKinley’s desk for a week. All he needed to do was return it to the customer. But then, during a weak moment, McKinley stamped the bank’s endorsement on the back of the check, signed his own name below, and deposited the proceeds directly into his own checking account.
When the check was returned to the customer, he quickly noticed the duplicate payment and called the bank. Since McKinley was out, the customer talked to the bank’s internal auditor. Although the auditor could hardly believe her ears, she obtained a copy of the check and then promptly notified management, which authorized a full fraud examination that documented McKinley’s thefts. He pled guilty and served three years in federal prison. His CPA license was revoked.
The bank’s external auditors did not detect McKinley’s thefts. The $150,000 loss was not material to the financial statements as a whole, so there was no responsibility for the auditors to find the defalcation. Still, this incident proved embarrassing; the bank lost faith in the audit firm for not detecting the embezzlement and changed auditors as a result. Even though the original auditors were not required to detect such a fraud, most of us want to get the best service possible. And sometimes, as in this case, clients don’t really want to hear the limits of an audit; they want to affix blame.
Could the auditors have seen any of the indications of fraud? Perhaps. Considering all the circumstances, the outcome might have been better had the auditors taken a different approach. First, there were clues in the books. Some were well-hidden; others were not. Embezzlers frequently prefer to hide their thefts in high-volume accounts. Had the auditors known this fact, perhaps they would have looked more carefully at the correspondent accounts. Another accounting clue was that McKinley eventually hid his thefts in “soft” expenses. Finally, auditors for financial institutions have access to the checking accounts of officers and employees. Had McKinley’s account been examined, the auditors would have noticed that the former CPA had deposited all his ill-gotten gain in his own checking account at his own bank. This is not a smart move, but for some inexplicable reason, almost every embezzler does exactly the same thing.
A VERY SIMPLE QUESTION
It would also have been helpful if the auditors had stepped back from the books long enough to privately ask each employee they worked with a powerful but simple question: Do you suspect any fraud within this organization? Had they done so, the auditors might have learned that employees were already suspicious of McKinley. Even though he had started out well regarded at the bank, McKinley’s life changed when he began stealing. He started becoming moody and irritable, and it was clear to the other employees that he was living well beyond his means. McKinley thought he was doing a good job covering his tracks, but his ill-fated tractor investment and his family troubles were well known to many of the bank’s fifty-plus employees.
Why didn’t any of these employees tell what they knew? Because no one asked. A CPA firm that asks the right questions can become a hero for a client. It can also prevent embarrassment from defalcations it isn’t required to uncover but that were caught because the auditors were on the alert.
JOSEPH T. WELLS, CPA, CFE, is founder and chairman of the Association of Certified Fraud Examiners, Austin, Texas. His e-mail address is: firstname.lastname@example.org .