Is Your Company Vulnerable to Employee Theft?

I am beginning my 46th year as a practicing certified public accountant, and thankfully, I have only experienced employee theft in one of my firm’s clients a handful of times. I have also discussed at length the details of many other instances by clients, friends, and industry contacts. These instances have many commonalities but only one factor common in all of them: They were perpetrated by people whom the owner trusted implicitly.

Let’s take a look at the details of some of these cases:

1. The plant superintendent and a close relative of the family ownership group was systematically padding the pallet invoices and was (presumably) getting kickbacks from the vendor. In this case, the chief financial officer happened to be in the plant and saw the pallet vendor delivering a half load of pallets, yet when he checked the invoices from this vendor, they had never been billed for less than a full load. Since wood prices had skyrocketed during the COVID-19 pandemic, the theft was masked because everyone expected pallet prices to rise significantly. At the end of the day, the person signing for the pallets was dismissed and would not implicate anyone else. The estimated loss was approximately $200,000.
2. A customer service manager, who also ordered board and ink, purchased products, and had full access to the enterprise resource planning (ERP) system, set up fictitious vendors. Vendor names similar to those of existing vendors were created and the invoices cloned. She duplicated sign-offs for approval and receiving (or had someone in the plant working with her—this was never fully established) and always made sure there were no open payables at the end of any given month. She knew the owner and controller always reviewed the ending accounts payable schedule in conjunction with the month-end close. This went on for over two years, and approximately $250,000 was ultimately stolen. The scam was uncovered when they switched ERP systems and someone noticed the multiple vendors with similar names on the master list of vendors.
3. The chief financial officer of a well-known industry supplier padded every payroll for a four-year period. The total loss, including fictitious payroll taxes paid, was over $2 million. The theft was uncovered when the CFO was out sick and someone else was charged with processing the payroll. That employee decided to hand out the paychecks individually because he didn’t know everyone in the factory—much to the chagrin of the plant manager, who was evidently in on the theft.
4. A bookkeeper of a family-owned group of companies paid fictitious vendor invoices in this chemical import company. She was practically running the company for a while when the owner was having some emotional problems. She was also posting the books and reconciling the bank accounts. The total theft was in the neighborhood of $500,000.
5. An accounts receivable clerk allowed shipments to be delivered without being invoiced. She was in cahoots with someone in shipping and was likely (although never proved) receiving kickbacks from the customer. This was uncovered when the shipping person was on vacation and his replacement questioned the lack of paperwork on some of the skids.
6. A controller of a family-owned group of real estate holding and development companies was double-paying invoices for things such as fire extinguishers from multiple companies. Since all of the companies needed these items and the amounts were relatively small, this was almost impossible to detect. This went on for two years until the owner questioned why some of the expenses seemed to be higher than he expected. It turned out that the controller was manipulating the bank reconciliations and bank statements to cover his trail and was discovered by the CEO, who was the former controller, when she looked into this independently. This one hit close to home because I lost the client over this theft, even though it would have been impossible for me to uncover it in the course of my tax preparation engagement. The owner, who was a longtime client, simply said to me that he “stole on my watch” when he decided to bring in another firm.

As you can see, in all cases the thief was a trusted longtime employee or manager who knew where to find vulnerabilities in the system. The losses accrued over a fairly long period of time and were uncovered either by chance, luck, or greed on the part of the thieves. The real question that needs to be answered is how could these businesses have better protected themselves?

The keys to protecting your business from theft and defalcation are as follows:

1. Insist on segregating duties as much as humanly possible in a small business. No one person should be able to create and reconcile your books to external sources such as bank statements.
2. Make sure you have a backup person for every key position who must actually perform the tasks periodically and all functions are rotated periodically. This is especially needed for people with access to shipping, receiving, inventory, payroll, and banking/treasury functions.
3. Adhere to a strict policy that everyone in your organization takes regular vacations.
4. Secure access to your network and make sure no one can create vendors or customers without proper authorization. Have someone review the receivable, inventory, and payable schedules midmonth, just to see if anything strange appears on them.
5. Have someone from outside the company periodically document your accounting system and your various systems of internal control, test compliance with them, and make recommendations. This may or may not be your current accounting firm, which may have been interfacing with your employees for a long period of time. Often hiring forensic accountants who generally get involved after the fact can be helpful as they have lots of experience with employee theft.
6. Make sure no “sacred cows” have the ability to circumvent your systems, even if they are close friends or relatives of the ownership group—or members of the ownership group itself. I have been in situations where the owners didn’t get along and were able to run expenses through the business that should not have been allowed.
7. Install cameras where goods can be shipped or received.

The world has become infinitely more dangerous than it was five or 10 years ago. There are bad actors with sophisticated information technology tools who are trying to get into your systems and either steal directly or put you in a ransomware situation. I have been exposed to many situations where paper, board, or consumption of various supplies is excessive and the typical techniques for determining excess waste cannot account for it. This is often because goods are being shipped and not invoiced or goods are being paid for but are not being received. No one ever wants to think they have a theft problem, but it happens more often than you think.

Trust your people but verify their work. Force everyone to take time off and have others do their jobs. Lock down your systems. Bring in outsiders to help you look for vulnerability. Make it hard for your people to even think about stealing from you, and don’t let anyone circumvent the policies and procedures that you set up to safeguard your assets.

Mitch Klingher is owner of Klingher Nadler LLP. He can be reached at 201-731-3025 or mitch@klinghernadler.com.