Episode 054: A Crash Course in Fraud Protection for Businesses


No business is immune to fraud, yet few businesses proactively examine their own risks. Trust in long-time employees, the convenience of automated payment systems and the simplicity of internal processes can all lull businesses into a false sense of security. And a false sense of security can quickly turn into financial hurt for your business due to fraud.

So, what can businesses do practically to protect themselves from fraud?

In this episode of The Wrap, Tammy McGaughy, CPA/ABV, CFF, CFE, who specializes in helping businesses identify and correct fraud instances, joins our hosts to discuss fraud protection for businesses.

After listening to this episode, you’ll be able to:

  • Be aware of some of the most common types of fraud in businesses
  • Grasp why there has been a recent uptick in business fraud cases and understand the causes of fraud
  • See why having company credit cards can make your organization more vulnerable
  • Implement immediate tactics that can help with fraud protection for businesses
  • Know how to effectively monitor your organization’s fraud risk (without being in multiple locations at once)

(00:00:00) Commentators: Hey, I’m Paul Perry. I’m Kim Hartsock and you’re listening to the Wrap, a Warren Averett podcast for business leaders designed to help you access vital business information and trends when you need it. So, you can listen, learn and then get on with your day. Now let’s get down to business.

(00:00:20) Kim Hartsock: Today we’re talking about something that a lot of business owners don’t want to talk about, but they need to talk about and that’s fraud.

(00:00:27) Paul Perry: Absolutely. I mean, U.S. businesses lose billions of dollars each year to fraud. We understand that business owners have less time to focus on all aspects of their business and the daily operations when they are having to focus on the potential fraud that’s out there, and they become very vulnerable. Luckily for our listeners today, we have Tammy McGaughy out of our Fort Walton Beach office with us to talk about some of those risk factors and what business owners can do to kind of help minimize that risk. Tammy, welcome to the show.

(00:00:57) Tammy McGaughy: Thank you, Paul and Kim. Thank you for the opportunity to share my experiences in investigating frauds. As Paul mentioned, I’m a Member in the Fort Walton Beach office. When I first started learning about fraud, I really had to train myself to think like a fraudster. Naturally being a CPA, I have a certain level of skepticism when I’m doing financial statement audits. But when I became a certified fraud examiner and certified in financial forensics, I feel like the game had changed. Today, I investigate frauds and I do help businesses address risk of fraud within their organizations, you know, to help them become less vulnerable. Thank you for the opportunity to speak.

(00:01:43) Kim Hartsock: Yeah, we’re glad to have you, Tammy. Just to get started, maybe it would be helpful to our listeners, just for you to explain. I know there are several types of business fraud. Maybe you can just go over some of the main ones that you focus on.

(00:01:57) Tammy McGaughy: Sure, Kim. Generally, what I see surrounds the disbursement schemes, where someone would receive funds through unauthorized disbursement methods. We’ll go over some examples.

Probably the very good example is just payroll fraud. Payroll fraud schemes can be anywhere from one paying themselves additional pay to writing an extra check during a payroll cycle. Sometimes one may pay themselves a bonus above their normal pay. Another example in payroll fraud is someone who may be coding more hours for not working but getting paid.
Or taking vacation and not recording the vacation in the leave system. So, payroll is a prevalent type of fraud that I see quite often. Another one is check fraud, similarly to payroll, is where someone is receiving monies through unauthorized means. An example would be writing a check to themselves and being able to get monies that way. Or, writing a check to cash and then taking the cash and using it for their own benefits. Some of the more sophisticated would be maybe writing a check to a fake vendor, or even sometimes it may be a legitimate vendor, knowing that they’re paying for more than what it is required, then, getting a refund and intercepting that refund when it comes back. So those are examples of check disbursement fraud. Another example would be expense fraud. We see this quite often where it’s more of a reimbursement type scheme where an employee may be submitting reimbursement from their employer for items that are more personal in nature and not business-related.

They were getting that monies that way. Or they may be using a company credit card for personal items and passing those along as the business’. So, you know, payroll fraud, check fraud, expense fraud. Those aren’t really on the disbursement side, but I do see quite often another type of fraud, which is more difficult, but it does happen.
And it’s more of understanding relationships with your employees and vendors, but it has to deal with kickbacks which are off-the-books type of fraud and where you’re looking for potential relationships that may be unusual in nature. Maybe your company doesn’t work for or pay a specific type of vendor, and having a payment go to that vendor might be a relationship or an unusual transaction that you need to look at.

But kickback generally involves where the perpetrator has caused a payment to a third party and then the transactions between that perpetrator and the third party occur. It’s off the books, but I have seen kickbacks as well. So that, again, Kim, those are just some general natures of disbursement type schemes that I’ve found in cases that I’ve looked at.

(00:05:27) Paul Perry: Listeners know that anytime I get an opportunity to talk about controls, I’m always going to bring that up. I think this is a great segue, right? Because a lot of what you do from a fraud detection and a PR communication of fraud prevention definitely deals with controls and sometimes the lack thereof, so I think it’s always a good meshing of those conversations. This next question for you is somewhat loaded, you know. What really causes the business fraud and how can a company determine their vulnerability? I have imagined what has happened in the last two and a half years probably is not helping the situation, right?

I’ve had lots of phone calls. I know you have too. But I think, dispersing people from a workforce perspective overnight and disrupting their daily operations – whether those are legitimate operations or not – probably caused people to start leaving those companies. Nobody had anything written down and now all this fraud is probably starting to come up.

I can only imagine that question of “What causes business fraud?” has been exponentially increasing over the last couple of years, due to the nature of business right now. Would you agree?

(00:06:35) Tammy McGaughy: Oh, absolutely, Paul, I have seen an uptick in fraud cases that I’ve investigated. Generally, what I’m seeing and what causes it – there’s a couple of different things that we look at. Personal greed is one where someone is just greedy. They have the wheeler/dealer type attitude, and they’re going to commit fraud within your organization. Sometimes, it’s the lifestyle of someone that they’re trying to maintain a habit. You know, they may be supporting a gambling habit, or some sort of an addiction and they made a means to fund that addiction or that habit. Sometimes, a fraud occurs because an employee may just want revenge against their employer.

You know, they may feel that they’re not treated properly, or they’re not compensated enough, and they will commit fraud through just every vengeful type of mentality. But, you know, you make a good point. All companies are vulnerable to fraud. So, there is not a foolproof measure that you can take to mitigate the fraud because everyone’s fallible.

I’ve heard the rule that 1/3 of the workforce would never, ever commit fraud. I’ve heard also that 1/3 would commit fraud if they thought that they could get away with it. Then, 1/3 would do it regardless. So, we do have a mix of people within the workforce. Depending on the circumstances, COVID being a great example where there are less controls in place. You know, there’s more opportunity available that everyone’s vulnerable.

(00:08:27) Commentators: Want to receive a monthly newsletter with Wrap topics? Then, head on over to warrenaverett.com/thewrap and subscribe to our email list to have it delivered right to your inbox.

(00:08:37) Kim Hartsock: Now, back to the show.

(00:08:41) Paul Perry: To piggyback off that just a little bit, business owners that are sitting out there listening to this, going, “Susie” – and I really apologize to anybody named Susie because every time I use a fraud case, it’s usually Susie doing something. I probably need to use like Tim or Scott, but Susie has been with me for 30 years.

“So, there’s no way she could be doing that.” Right. How many times have you heard that statement or even when you find something or you bring something to somebody’s attention that may not be a direct allegation… it may be, “Look, this is abnormal. We really need to have this discussion.”

They’re like, “Oh, it’s Susie. Susie’s not going to be doing that to me.” That has to be part of your daily discussions with folks.

(00:09:24) Tammy McGaughy: And it is. It’s trust. I mean, you can have trusted long-time employees, but there’s the adage of “Trust, but verify.” You know, people realize that yes, you do place a lot of trust in employees because you can’t be in all places at once.

You do have that level of trust, but sometimes the trust is abused. A lot of cases that I’ve seen, that is in fact what happens is they’ve trusted this employee. They never expected that this employee would do something like that. And then they’re upset about it afterwards. We’ll go over some good advice later of what you can do as a business owner, just to make sure that you are monitoring and that you do have some mitigating controls in place. You can’t have a failsafe segregation of duties or failsafe plan to prevent fraud, but you definitely can have some things in place that help reduce the risk of fraud.

(00:10:31) Kim Hartsock: Tammy, Paul touched on this. There are controls that are necessary that will help businesses prevent, but also help them detect fraud, right? Because most of the time when we find out about fraud, it’s been going on for quite some time. And that’s the track record of fraudsters is they may be doing it for some reason, and they get away with it and then they get a little more bold and they go a little bigger and they start to do it longer.

Then, by the time we find it, you’re into the seven digits of dollars that the company has been defrauded from. So, if I’m a business owner listening to this and I’m having a panic attack because maybe I haven’t had some of these controls in place, what are some things that I can start doing today that will help me prevent and also help me detect if there is fraud going on?

(00:11:33) Tammy McGaughy: That’s a great question, Kim, and there’s a couple of things that a business owner can do. I’m going to say the first thing is just reviewing your internal controls, making sure the functions that you have going on and that there’s proper segregation of accounting duties.
What that means is just making sure one person doesn’t have complete control of a transaction cycle from the initiation all the way to the record keeping. So, authorization is separate from someone who has custody of records. From someone who is doing record keeping, and we can go back to the example, you know, the payroll was one of the frauds that I deal with and looking at the segregation of accounting duties and the payroll system.

You know, separating, hiring and setting up employees and in your system, keep that separate from someone who is actually processing the payroll. Then, once payroll is processed, just making sure that there are some review and approval steps going on and then reconciling the bank accounts.
It makes sure that there’s people involved in those steps of the payroll cycle. So, understanding your transaction cycle and making sure that there’s not one person that has control from start to finish. That’s just known segregation of accounting duties.

Second is just know your employees. When you’re hiring new employees, do a background check. If you know, prior to hiring that employee, they may have been convicted of fraud, they may have poor credit or there may be something in their background that you really don’t want to be part of your organization. It may be a motivation for them once they do become an employee to commit fraud. So, know your employees.

Of course, third would be just maintaining internal controls. I know we’ve talked about the segregation of duties, but understanding what procedures you have in place and are those procedures being followed? You may have some great procedures, but if they’re not being followed, then it’s not a good thing.
The most important is education and understanding. You know, what are some red flags? What are some risks to be aware of that, in the different transaction cycles, how could fraud occur and then training on that? You know, everybody within an organization has a role to help reduce fraud and so education to your employees and understanding what those red flags are is impactful.

(00:14:34) Paul Perry: Those are really good points, Tammy. One of the things that I do when I go out to companies… You talked about it at the beginning of this episode of having that heightened sense of awareness, right? So, when I go to an organization, the first thing I do is a parking lot audit, right? I’m checking out what’s out there and if something sticks out. No offense to any Maserati owners, but if I go to a parking lot and I see a Maserati that is not parked in the president spot or the CFO spot, I’m going to ask, “Hey, who’s that? I’m a car guy. That’s an awesome car. Who has that? I’d love to talk to that person.” When I find out that’s the AP clerk, right? That’s my cue. I think you’ve done this so much and I get accused of this a lot is I bring “Chicken Little” to the conversation a lot and I suspect things before they happen, but it’s because you’ve seen it so much and you can’t not.

(00:15:28) Tammy McGaughy: Oh, absolutely. I agree. The lifestyle: does it make sense based on the position that the person is? Lifestyle is big. If all of a sudden, and there’s a couple of things: lifestyle, it could be a change in behavior. This person may have had an even-keel behavior, then all of a sudden, they become very controlling or something that just doesn’t feel right.
There may be something going on. It may not be fraud, but it could be that they’re committing fraud and you’re just starting to find the tip of it. So, those are very good points.

(00:16:07) Paul Perry: So, some business operations that put their company in position that subjects them to a higher risk. You’ve talked about that a little bit in your experience and what you’ve seen. What can companies do to really minimize that risk of business fraud? Again, not take it completely away but if you don’t open yourself up to that susceptibility, maybe it helps going forward.
So, what are your thoughts?

(00:16:32) Tammy McGaughy: There’s just a couple of things that the companies can do is: one, if you have an expense policy where you’re reimbursing it, just make sure that you have a good review and approval process, make sure that someone’s reviewing the details and that the expenses are being approved properly.
If you have a company credit card, we really try and stay away from company credit cards, because that is an area where we have seen a lot of abuse. So just avoid company credit cards. If you have something that you need to purchase, then have the company purchase it on your behalf. But no company credit cards, if at all possible. Surprise bookkeeper audits is good. Make sure that you on a periodic basis are reviewing stuff. You know, it makes the person know that their work is going to be looked at. Reviewing bank statements: I think that is a huge thing that someone can do. The bank statement will show anything that may stick out as unusual. As a business owner, that’s an easily once a month type thing. You know what the nature of your business is.

You could easily tell if there is something that sticks out. Another thing is sometimes companies have advanced accounting systems. And if you do have an advanced accounting system, use the system to detect fraud. Maybe you have some parameters set in your payroll system. Anyone that if their paycheck goes over a certain threshold, say it’s a 10% increase in the pay from previously, then, it’ll flag it. And so, the controller or a business owner can actually review those indications, that something is unusual. So, is it like a red flag in that system?
So, I mean, those are like simple things that you can do to minimize the risk in your business.

(00:18:44) Paul Perry: And I want to also relate all of our listeners back to episode 26, where we talked a little bit about controls improvement for companies. And that was a very similar discussion, a lot of the same things.
You mentioned bank reconciliations, and I would say that in a hundred percent of your fraud cases where there was fraud, but there was a bank reconciliation that wasn’t done over a month old, right? It means that that’s a quick indicator. If I’ve asked for bank reconciliation and it’s been more than a month and I still don’t have it, there’s a reason.

(00:19:17) Kim Hartsock: Yes. Tammy, we’ve covered a lot of things for our listeners today and we always try to wrap it up in 60 seconds or less on these episodes. What do you want to leave the listeners with today? What are some specific things that you want them to walk away with and remember?

(00:19:33) Tammy McGaughy: Probably the most important thing is just to monitor. You may not have enough money and systems in place to have full control over your accounting or business systems.
But monitor. I think sometimes perception is enough. If someone thinks that you’re reviewing their work, then they may not be as eager to commit fraud. But monitor, even if you have the most trusted employees, because it will let them know that their work will be looked at. So, monitor would be my best advice.

(00:20:14) Paul Perry: Tammy, I enjoyed the conversation. Thank you for being with us today. I think this was a good discussion. Thank you.

(00:20:20) Kim Hartsock: That was great. Thank you so much, Tammy.

(00:20:22) Tammy McGaughy: You’re welcome. Thank you.

(00:20:24) Commentators: And that’s a wrap. If you’re enjoying the podcast, please leave a review on your streaming platform. To check out more episodes, subscribe to the podcast series or make a suggestion of other topics you want to hear, visit us at warrenaverett.com/thewrap.
