Offices are often overlooked as a source of theft or fraud, other than the old cliché about works stealing pens. Yet, it has been a hotbed of loss for scores of years, exacerbated now by technology.
Many times, bosses, owners and supervisors have little technical knowledge about bookkeeping, spreadsheets, online ordering and opportunities through a host of technologies, leaving this detailed work to specific employees.
Over the decades in which we have conducted investigations, we not only have found that office employees are as likely to steal as customers in a retail setting, but, when they do commit theft and fraud, it generally is in significantly larger amounts than for other employee theft.
Business operators, though, tend to feel that their trusted employees would not steal from them, yet it is this opportunity of trust that facilitates theft.
One owner of a chain of pharmacies operated a head office with two female employees. The sex of these employees is relevant, because the owner fancied himself to be charismatic and very appealing to women (which he was).
We discovered that his key employee, a female over 20 years his junior, had been stealing roughly twice the mount of her salary from the store’s revenues, through a variety of methods.
Usually, we did not allow the employers to sit in on our exit interviews, because it tended to make the admissions more difficult to extract. This boss insisted. We compromised and allowed him to observe the latter part of the interview, after the employee had confessed to modest amounts. It was standard that we extracted confessions bit at a time, because it was easier for a person to confess to minor theft than the major amounts often involved.
As he listened to the tally, our client became agitated and finally broke in.
“But I thought you and I had a special relationship?”
The female responded with a simple, “you’re my boss.”
This crushed her employer, and he left the interview room while we continued.
Later, he bemoaned that he thought he had a special relationship of trust with this person.
It was easy for us to explain, but difficult for him to understand that the money played a more significant role as love interest than he did. Trusted employees very often rely on that trust to manipulate company systems and pilfer. Office settings afford privacy and often include people with higher intellect and ambition than everyday employees.
For this reason, office settings should pay acute attention to their daily operations and have independent oversight. The expense is worth it, being an investment rather than a cost.
Computer fraud versus theft
Many of the loss incidents in retail back office situations are straightforward thefts, with a cursory effort to cover the thief’s tracks. However, most other office situations involve fraud that may be simple or complex. There is a long list of protection strategies that every business easily can implement to minimize risk and increase the potential to detect loss.
Works Alone
This, combined with autonomy and no failsafe mechanisms, creates the single greatest opportunity for theft and fraud. The ability to evade oversight means that the employee can carefully craft fraudulent transactions and systems, test them and elaborate upon them. Having infrequent, random visitors to the office works almost as well to deter loss than having more than one employee in the office. By examining the indicators of office theft and fraud, you can intercept deviant transactions more readily.
Scoring (Low to High) 0-10
No Crosschecks
Do you remember in grade school when the teacher would ask that you hand your test to the person behind, beside or in front of you to check your work? It was a way of ensuring honesty and accuracy but failed when your friends graded you favourably because they were close to you. This same principle applies in the job setting. Having balances and checks in place to ensure accuracy does not imply honesty but it does provide a safeguard against dishonesty. The systems, however, are only as effective as the people monitoring them permit them to be.
Scoring (Low to High) 0-20
Multiple roles and duties
In small businesses, it is often uneconomical to have a clear separation of duties and if you have only one or two office staff, they are likely to work on each other’s projects as needed. However, the more often a sole staffer is given multiple roles (particularly in money management such as ordering, verifying and issuing payment), the more opportunity that exists. You can break this chain by having one independent person conduct infrequent checks. This may include hiring an outside bookkeeper to come in every couple of months to review the books for accuracy.
Scoring (Low to High) 0-10
Relationships with suppliers and other staff
Close relationships develop in small businesses or where regular salespersons, delivery drivers, customers or staff are in contact with specific employees. These relationships should be monitored, as collusion and sweet-hearting are common forms of theft and fraud in small enterprises.
Scoring (Low to High) 0-5
Access to high-level computer records and program data
In businesses that are not technology-oriented, such as trades, project management, logistics & transportation, retail and supply, the technical work usually is assigned to someone with those specific skills. Because the owner may not have tech knowledge, this employee has the opportunity to manipulate or steal data with little risk. As with an employee with multiple roles, outside monitoring on an infrequent basis will alleviate some of the risk. Even if the outside person is not investigating the areas where the employee sees an opportunity, the perception of risk is increased and the likelihood of fraud decreased.
Scoring (Low to High) 0-10
Signing & ordering authority
The person who places orders should not be the same person that receives the order, and the person who sets payment for the order should not be the only person who also orders or receives that product or service.
Scoring (Low to High) 0-20
Bookkeeping & financial access
This item is similar to access to computer records and signing authority items. However, even if you have outside bookkeepers working for you, they should be limited to accessing only the information that is required. You should establish multiple levels of access in the same way that you have administrators, users and guest who can access forums or websites on the Internet.
Scoring (Low to High) 0-20
Employee sets their own hours
While it may be admirable that you have a level of trust with your staff that they can set their own hours, there are patterns that may indicate the employee has found an opportunity to commit fraud or theft. These include working late or early hours with no other staff present, taking work home, working through lunch hours alone or always attempting to be present when specific orders, clients, suppliers or salespersons arrive.
Scoring (Low to High) 0-10
Access to safe or other locked areas
These areas are secured for a reason: they contain sensitive or valuable information or items. Limit access for keyholders only to areas here they need access and, where possible, establish a practice of having two randomly selected employees accessing these areas at specific times.
Scoring (Low to High) 0-5
Offsite deposits
If you cannot make offsite deposits on your own, ensure that two people make these deposits, ostensibly to protect against robbery but also to protect against the temptation to take advantage of the solitude. Verify the accuracy of any deposit as soon as possible, but not longer than 24 hours.
Scoring (Low to High) 0-10
Sole employee understanding systems
Whether it is computer systems, equipment operation, financial records, ordering and procurement or general operations, always ensure that more than one person understands these systems, to prevent against “empire building” and development of alternative (often deviant) systems or processes.
Scoring (Low to High) 0-20
Relatives & friends connected to business
Having relatives and friends connected to your business creates two primary problems. First, they are more likely to be employed in positions of trust, which provides greater opportunity. Two, they are often resentful, rather than appreciative, if non-close contacts get preferred positions that the friend or relative thought they deserved. This increases motivation for deviance.
Scoring (Low to High) 0-5
Trash handling
The janitor generally is the most overlooked employee, but has the most access to potentially sensitive information, as well as opportunities to take merchandise either after hours in the trash or in a clandestine manner while cleaning up. They also are more likely to be able to observe passwords being used on sensitive files.
Scoring (Low to High) 0-10
Postal duties
Postal duties, like offsite bank deposit duties, gives the employee a greater opportunity to take advantage of solitude to steal or defraud your business. Preparing shipments autonomously enables the employee to ship stolen goods, create fraudulent transactions and divert your assets away from your business (possibly to their own home).
Scoring (Low to High) 0-10
Discount & return authority
The employee who is authorized to accept returns and refunds, apply discounts or create rebates also has the opportunity to do so for their own gain. A proper and thorough log, checked often for accuracy and patterns, is a strong deterrent to fraud.
Scoring (Low to High) 0-20
Ability to reroute incoming & outgoing shipments
Like postal duties, the person with exclusive authority to reroute product or assign services also has the ability to do so for their own gain. As in other issues, a strong tracking system helps to alleviate this risk.
Scoring (Low to High) 0-10
Can observe everyone arriving & departing
This creates an advantage for an employee looking for an opportunity to steal or commit fraud. By observing key persons coming and going, they can time their deviance to their advantage. To mitigate against this risk, use overt cameras and establish an open air environment (windows, barrierless office, etc.) so that others can observe the coworker, as well.
Scoring (Low to High) 0-5
Key control
Change keys whenever a critical employee who had access is terminated. Keep a record of key access and re-key locks yearly. Even supposedly unduplicable master keys can be copied by less than trustworthy locksmiths. Deactivate swipe cards when an employee terminates or locates to another position where access to the prior locks is not required. Where possible, replace actual keys with swipe cards, to minimize cost and risk.
Scoring (Low to High) 0-10
Password control
Require that employees change passwords at least every couple of months, to prevent others from accessing their files. Do not give out your own passwords, even to trusted employees. Make sure that every employee provides you with their passwords for work equipment.
Scoring (Low to High) 0-10