It is estimated that approximately 95% of businesses experience some form of employee theft. Theft can occur in varying degrees of severity, but this statistic depicts the reality and commonness of employee dishonesty in the workplace. Employee dishonesty is defined as any act of fraud or dishonesty committed by an employee against their employer.
To properly investigate a fraud, one must understand the three components of the fraud triangle which together, lead to fraudulent behavior. The fraud triangle consists of incentive/pressure to commit fraud (e.g. personal financial struggles), opportunity to commit the fraud (e.g. weak internal controls), and rationalization or justification for committing the fraud.
Some of the most common forms of employee dishonesty include credit card fraud, theft of cash, theft of inventory, and payment of fictitious vendors. Below we will review these examples in the context of insurance claims and discuss important considerations when analyzing the claims.
Credit Card Fraud
Employees with access to company cards pose a threat to commit credit card fraud, which will typically take the form of the employee using the card for personal expenditures. Credit card fraud often occurs over long periods when there is minimal supervision of credit card statements and a lack of segregation of duties or internal controls in a company.
Based on our experience, the principal (accused employee) will often begin the fraudulent scheme with a small, fraudulent expenditure that can generally be “buried” in their employer’s financials. However, over time, the principal will tend to become more comfortable with the process and will increase the frequency and volume of the theft. Eventually, the fraudulent transactions will become too difficult to “bury” and the theft will be discovered. This is the classic fraud behavior pattern. In other situations, the fraud is discovered when the employee leaves and any concealment processes are no longer in place, internal controls are modified and/or strengthened, or when a new Head of Finance joins a company.
During our review of these types of insurance claims, one challenge we often come across is separating legitimate and fraudulent expenditures during the considered period. Business owners will often include a large number of credit card transactions in the claim, based on the assumption that the expenditure is fraudulent. It is essential to review the expenditure in detail and obtain a full understanding of the insured’s operations to confirm if the expenditure is fraudulent.
Depending on the type of business and role of the employee, expenditures related to groceries, restaurants, travel, or office supplies could be either legitimate or fraudulent. As a simple example, in a recent engagement, the insured claimed an employee theft amount related to multiple flights and hotel charges on the company credit card. Flights and hotel expenses can be normal operating expenses for many businesses. However, in this case, we learned that the principal worked in accounts payable and was never required to travel for business purposes, which was confirmed in review of historical transactions and job descriptions. Thus, we had the information needed to isolate those travel-related transactions charged by the principal.
Understanding the nature and intricacies of the business along with the duties of the principal’s job will help one further evaluate and distinguish potential fraudulent expenditures.
Another important consideration is verifying that the expenditure was made by the accused employee and not a different employee or the business owner. In some cases, the accused employee has a company credit card with their name, which allows easy identification of their individual expenditure. However, in other cases, multiple individuals may have use of the company credit card. This can make it more challenging to verify that the expenditure was made by the accused employee.
Theft of Cash
There are many different scenarios where theft of cash by an employee can occur. Common examples include:
- Stealing cash from the register/safes/petty cash,
- Overcharging a customer and ‘pocketing’ the difference,
- Not recording cash transactions into the sales system and ‘pocketing’ the cash (known as “skimming”)
- Altering deposit slips to show less cash being deposited and ‘pocketing’ the excess amount
It is difficult for businesses to trace cash transactions as accurately as electronic payments. As a result, cash thefts are generally not discovered until the theft has occurred over a longer period of time and cash discrepancies become more apparent.
When evaluating an employee dishonesty claim related to cash theft, it is first important to get a full understanding of the insured’s normal cash handling procedures. This could include identifying:
- Which employees are authorized to handle cash,
- How the cash flows through the business,
- If there are any cash reconciliation processes/controls in place,
- Cash deposit processes and regularity (e.g. are there fixed calendar dates when cash is deposited).
Once established, it is important to request the proper documentation needed to review the theft claim for periods prior to, during, and after the impacted period. Obtaining information prior to the impacted period will allow us to establish a baseline of “normal” operations. From there, we can review information during the impacted period to identify unusual activity as compared to normal (pre-impacted period) that may relate to the claimed theft. Finally, we can review information from the post-impacted period to confirm that once the theft was identified, and the principal was removed, the unusual activity returns to normal.
In a recent engagement, the principal was an acting manager who temporarily assumed the position of manager while the company searched for a permanent replacement. At the end of each day, it was the acting manager’s responsibility to physically count the cash on hand, report the amount counted, and deposit that amount at the bank. At the time, the acting manager was the only employee monitoring the company bank statements and company financials. Due to the lack of internal controls, the principal was able to “short” the day-end cash count and steal the remainder without anyone noticing. It was not until three months later when the insured hired a permanent manager who noticed abnormalities upon review of the company financials. Once investigated, the principal’s theft was discovered.
Theft of Inventory
Inventory theft occurs when an employee steals inventory from their employer, for either personal use or with the intent to re-sell the merchandise. Stolen inventory can range from small PPE items taken from a healthcare employer to rare materials or finished goods stored in a warehouse.
The types of inventory recording procedures vary hugely between businesses. Large operations may have detailed electronic perpetual inventory systems, strong internal controls, and conduct regular physical inventory counts. Smaller businesses may have handwritten inventory records, no internal controls, and may have never completed a full physical inventory count. The approach to the claim analysis will depend on the inventory procedures put in place by the insured and the resulting reports and documentation available for review. Unfortunately, businesses with the most limited inventory records are often those who fall victim to inventory theft. In these cases, it can be very challenging for the insured to document their claims for lost inventory.
In a recent engagement, we analyzed a claim presented by an insured that sold thousands of home appliances from a large warehouse. The business sold both new appliances and damaged/returned items at a discount. For the new appliances, the insured maintained a sophisticated inventory tracking system. However, for the damaged appliances that were sold at a discount, the inventory tracking process was much less formal. The principal in this case had the responsibility of selling damaged inventory and was able to exploit the lack of internal controls relating to the damaged items and steal inventory items for resale.
Payment of Fictitious Vendors
Fictitious vendor schemes occur when an employee responsible for vendor payments creates a fictitious vendor and fake invoices and initiates company payments to their personal account or to the account of another entity involved in the scheme. Generally, this can happen in a business environment lacking internal controls such as proper vendor verification and separation of duties.
Fictitious vendor schemes often take a long time to discover, as if the scheme is occurring, it is likely that the company does not regularly audit its vendor listing. Many times, the discovery of the scheme will happen when the company hires a new in-charge employee or updates the company vendor policy.
In a prior engagement, the principal had full control of the company’s accounts payable cycle. It was this employee’s responsibility to issue checks to all vendors. Due to the lack of internal controls, the employee was able to create a fictitious vendor using her daughter's name and address to route company checks to. This went on for over two years until the principal forgot to cash one of the checks issued. At the time, one control in place was to contact all vendors with checks issued but not yet cashed after one month. The theft was discovered when the company realized one of the outstanding checks was addressed to the principal‘s daughter.
When analyzing insurance claims for fictitious vendor schemes it is important to consider the following:
- Verify that the claimed fictitious vendors are not legitimate vendors. In some cases, the employee may have created numerous fictitious vendors, therefore the insured may be confused as to who is a fictitious vendor and who is a legitimate vendor.
- Verify that payment was actually made by the insured for any invoices identified as fraudulent and included in the claim, and follow the money.
For example, in a recent engagement, an insured made a claim for thirty-five fake invoices amongst five vendors totaling $130,000. However, upon further investigation:
- Our review of the vendors revealed that two of the vendors were in fact legitimate vendors that the company CEO was not familiar with. This reduced the amount stolen by $45,000.
- Our review of the company bank statements and accounts payable ledgers revealed that seven of the fraudulent invoices for fictitious vendors were not paid by the insured as the scheme was identified before payment was made. This reduced the amount stolen by $25,000
Theft Recovery
An often overlooked but important factor to consider when engaged in an employee dishonesty claim is whether or not there will be any recovery of the theft from the principal or other entities. For example, if a portion of a cash theft is paid back by the principal, that amount must be considered. In the case of credit card fraud, an insured might dispute any fraudulent charges with the credit card company and may be able to have the charges reversed, and the funds recovered.
Analyzing Insurance Claims for Employee Dishonesty
Employee dishonesty schemes can take many forms and impact businesses in different ways. When analyzing insurance claims for employee dishonesty, it is essential to not only get an in-depth understanding of the insured’s business operations but also understand their internal controls, processes and ability to recover any of the amounts in question.
