figures bode favorably upon companies

that have cultures of reporting and robust

whistleblower or hotline programs. Other

detectors of fraud include management

review (22%), accidental discovery (14%),

internal audit (14%), suspicious superi-

ors (10%), or some combination of the

foregoing.

What Risks Does Employee Fraud Present?

Employee fraud presents obvious financial

risks such as missing money or disappear-

ing assets. Almost 42% of the fraudsters

studied by the KPMG investigators in

Global Profiles of the Fraudster

cost their

companies at least $1 million. Businesses

must also take into account costs associ-

ated with investigating, remediating, and

litigating disputes and regulatory issues

stemming from the fraud. “When a [major]

corporation is caught in a government

investigation, the legal fees can quickly

exceed $100 million—and that’s before the

lawsuits even begin.” Peter J. Henning, The

Mounting Costs of Internal Investigations,

NewYorkTimes

(Mar. 5, 2012). Even small

businesses can experience relatively large

legal and investigation costs associated

with fraud.

Employee fraud also presents repu-

tational risks, sometimes referred to as

“organizational stigma.” According to

The

Scandal Effect

, Harvard Business Review

(Sept. 2016), “[o]ther organizations may

sever relationships with them or try to

take financial advantage of the situation”

and they may be “mocked in the media,

have their charitable donations rejected, see

employee morale plunge, and experience

an exodus of talent.”

The directors, executives and other

managers of multi-owner businesses face a

unique set of liabilities. Management owes

a fiduciary duty of care to shareholders,

partners and LLC members. These duties

translate directly into “oversight” respon-

sibilities. Not every employee fraud will

result in liability to management. How-

ever, where management “utterly failed to

implement any reporting or information

system or controls” or, having done so,

“consciously failed to monitor or oversee

its operations thus disabling themselves

from being informed of risks or problems,”

liability may attach.

In re Huron Consulting

Group, Inc. Shareholder Derivative Litig.

,

2012 IL App (1st) 103519 103519, ¶49,

971 N.E.2d 1067, 1083.

Frauds involving customer funds or

information involve additional litigation

risks. For example, when executives at

futures commission merchant MF Global

were accused of having misappropriated

customer funds to cover bad proprietary

bets, the company faced an onslaught

of litigation from regulators such as the

Commodity Futures Trading Commission,

customers whose funds were misappropri-

ated, and shareholders demanding to be

made whole by management. Likewise,

when Home Depot suffered a cyber breach

involving customer information, it was

faced with class action litigation and had

to fund a $13 million settlement and the

costs of credit monitoring for impacted

customers.

What Role Do “Internal Controls” Play?

“Internal controls” broadly refer to a

company’s system for protecting company

assets, whether financial, physical or intel-

lectual. The types of internal controls are

unlimited and can be tailored to the size

and nature of the business at issue.

One universal truth, however, is that

weak internal controls are a significant

contributing factor to employee fraud.

According to

Global Profiles of the Fraud-

ster

, 61% of fraud is the product of weak

internal controls, and another 11% is the

product of collusion circumventing good

internal controls.

Obviously, the more complex the

organization, the more complex the inter-

nal controls. These controls should be

designed by taking into account universal

guidelines such as those contained in the

Internal Control--Integrated Framework

published by the Committee of Sponsoring

Organizations of the Treadway Commis-

sion. However, simply designing controls

won’t be sufficient, as an organization must

regularly test and assess the effectiveness

of its control environment: this is critical

for maintaining an effective mechanism to

assist with preventing and detecting fraud.

Even small businesses can implement

controls that help prevent and detect

employee fraud risk. For example, busi-

nesses that receive payments by cash or

check should not have the employee who

receives payments also record the transac-

tions in the books or reconcile accounts.

Rather, separate employees should be desig-

nated or, at minimum, the business should

have a high-level manager or owner directly

28

JANUARY 2017