If federal authorities are right, the scheme was simple. El Dorado Hills resident Jeffrey Davis was national sales manager for Nature’s Path Foods, a Vancouver-based organic food company. Glen Martinka co-owned a food brokerage and distribution service based in Phoenix that marketed and sold Nature’s Path products.
Davis could authorize Nature’s Path purchases of at least $3,500. Prosecutors allege that between December 2008 and April 2012, Davis used that power to work with Martinka to create fake invoices, charging the company for non-existent services. Davis submitted those for reimbursement, and he and Martinka then split the proceeds, the feds say. Over three and a half years, the pair allegedly stole about $219,000. (Nature’s Path didn’t respond to a request for comment.)
Cashiers create fake transactions. An attorney diverts money from nonprofits whose accounts he managed. A credit union staffer falsifies bank documents. These are a few of at least nine cases of proven or alleged embezzlement in the region since 2013. “With fraud, there’s always something new and different. You never see it all — they just keep coming,” says forensic accountant Annette Stalker of Stalker Forensics in Granite Bay.
Most local cases involved mid-sized companies, banks or charities. Each year, small and mid-sized organizations, including small businesses, lose the most to employee theft. A study released in August by international insurer Hiscox reported that the median employee theft case cost companies an average of $1.13 million in 2016, and that 55 percent of cases involved companies with fewer than a hundred employees. And while no one keeps national data on employee embezzlement, a 2016 survey of fraud examiners estimated that it costs businesses and other organizations a full 5 percent of revenue each year.
A sense of autonomy is often what keeps staff happy in small businesses. But every virtue has its vice and when it comes to money, independence is cousin to temptation.
Small firms have fewer employees, but they lose the most in these schemes. The fraud examiners’ survey found that the median loss at organizations with fewer than 100 employees in 2016 was $150,000, while losses at those with 1,000-10,000 employees were only $100,000.
But most companies don’t get interested in better controls until they’ve been hit, says Stalker. Small and mid-sized companies are behind for obvious reasons — they think they don’t have enough staff to segregate duties, and they’re more likely to employ family members and long-term employees, so relax what controls they do have. That’s why those who investigate swindles say small-business owners can make inexpensive business-process changes to avoid being the next target.
You Think You Know Someone
A common theme runs through many cases of employee theft: The perpetrator is a longtime, trusted employee, so oversight has been relaxed. “It’s sort of like, ‘Hey, we know him. He’s been around a long time. It’s OK that he’s not following the exact rules,’” says John Barrett, director of EisnerAmper’s forensic, litigation and valuation services group in Sacramento. Owners who don’t understand the work of their specialist employees are especially likely to fall prey.
Barrett worked on a case like that not long ago. A company hired its first-ever IT director to update the firm’s software and equipment. The owners saw immediate benefits. Over time, they gave him ever-more responsibility and independence. Finally, they put him in charge of his own budget, and he reviewed and approved vendors and related deliveries.
Related: Lock the Business Cookie Jar
His supervisors didn’t know that he had family members and
friends who worked in IT. So, he started ordering fictitious or
wildly price-inflated parts and services. He’d send $10,000 to
his brother’s company for computers that never arrived, and the
brother would pocket $3,000 and send him $7,000, says Barrett.
The owners didn’t understand enough about tech to know that the
spiraling spending indicated a problem.
The director was caught only when the company brought in a second
tech staffer, who asked a board member why the IT equipment
budget was so large. When the company landed some government
contracts, the board member took his questions to the
government’s auditors, who uncovered the slow-moving heist.
Whiteout, Tape and a Knife
Companies targeted often have something else in common: The
owners don’t look at financial statements. That played a role in
one of Stalker’s recent cases involving an area mortgage broker.
A longtime staffer shared a small office with the company’s main
bookkeeper. They became friends, and the officemate learned where
the bookkeeper kept her login passwords.
That laid the groundwork for a low-tech, multi-part scheme. The bookkeeper worked part-time and came into the office at noon. So the officemate showed up most mornings at 5 or 6 a.m., before anyone else was in. On those days, she had a priority task: Login to the accounting software as the bookkeeper and write a check to herself, usually for about $1,000. Then in the accounting software, she substituted the owner’s name for hers, as the recipient. That in itself wouldn’t raise suspicion, since the owner often wrote checks to himself. Then she’d get back to work.
Related: I Think My Boss is Stealing From Me
There was a remaining step — the riskiest. She’d always volunteer
to collect the mail, meaning she’d be the first to get her hands
on the bank statement. That was crucial because it showed copies
of her self-dealing checks.
Statement in hand it was back to her office, where she kept a
folder with an X-ACTO knife, whiteout and tape. On the damning
checks, she’d surgically remove her name and implant the owner’s.
Next, she went to the copy machine to remove the traces of her
doctoring. It helped that the owner never checked the statements.
Fast-forward three years and more than $200,000 later. One month,
the employee got behind on her name-transplant duties.
Unfortunately for her, it was tax time, and an outside accountant
in the office asked for the latest statement. It wasn’t in the
files because it was on the employee’s desk waiting to be
doctored.
The owner called the bank, which helpfully faxed over the missing
statement. The wayward staffer tried but failed to intercept the
fax, and it was soon in the hands of the owner and tax
accountant. “What’s this?” the owner asked the employee when he
read the checks.
She had no answer, and he fired her on the spot.
(Real names omitted per Barrett and Stalker’s CPA professional
code of conduct, including a duty to maintain client
confidentiality.)
How Not to Be a Victim
Small companies assume they can’t afford expensive control
measures to stop cases like these. The fraud examiners survey
found bigger companies far more likely to have sound anti-fraud
controls like external audits, fraud hotlines and fraud training
— all of which detect and stop theft faster and so cut the losses
if it does happen, according to the report.
In fact, small firms can afford prevention, says Stalker. In
2010, she and Conrad Davis, a partner at accounting firm Crowe
Horwath, wrote a white paper on inexpensive steps that small- and
medium-sized organizations can take.
For example, business owners should check bank statements before
bookkeepers do. They should look at all canceled checks to make
sure the payees are legitimate and that signatures and
endorsements are authentic.
Owners also should limit financial authority, say Stalker and
Davis. That means establishing dual check-signing responsibility
for amounts over a certain level and having those who deposit
checks return the deposit receipts to someone else, who compares
the amount against the bank statement. That also means having a
separate person check company orders when they arrive — in the
case of the IT director, someone else should have signed off on
delivery to ensure that if 10 computers were ordered, 10 were
delivered, Barrett says.
Fraud tip lines are essential too. Companies should contract with one since they’re the most common way that theft is detected, according to the fraud survey.
And Stalker and Davis advise owners to do background checks on
all hires who will handle money. Once they’re onboarded, owners
should be alert to lifestyle changes that indicate someone living
beyond their means.
James McCurley, a director and forensic accountant in the
Sacramento office of Denver-based RGL Forensics, says
companies should meet with an outside accountant every six
months. You might pay for a couple of hours of an accountant’s
time, but that’s well worth the price, he says.
Companies also often set an upper-dollar limit on transactions
that don’t get the normal scrutiny. That’s acceptable, says
Stalker, if you ensure there are too few of them for an embezzler
to do lasting damage. If you have only 10 transactions a
year of less than $200, you could decide those aren’t worth
tracking. But 50 in a year might be a different story.
McCurley adds a public relations proviso to fraud prevention:
Make sure your employees see the measures you have in place. Part
of their value is to advertise to other employees that someone
else is watching the books. Barrett says there’s no reason for
employees to be offended that they’re being cross-checked. “You
have to be clear in your communication: ‘We’re going to look at
what you’re doing closely, and it’s not a personal reflection on
you. It’s a safe way to conduct our business,’” he says.
In fact, those who put in good controls are doing their employees
a favor by not tempting them. “These are crimes of opportunity,”
McCurley says. “Rarely do people join a company intending to rip
off the owners.”