LEARNING OBJECTIVES

After studying this chapter, you should be able to:

17-1	Understand and describe abusive conduct
17-2	Determine why attempting to achieve perfection in the workplace is not desirable
17-3	Explain the obstacles to accurately measuring the level of occupational fraud and abuse in organizations
17-4	Determine why greed is an inadequate explanation for occupational fraud and abuse
17-5	Explain the concept of “wages in kind”
17-6	Compare and contrast fraud prevention and fraud deterrence
17-7	Explain the significance of the “perception of detection”
17-8	Identify some of the factors related to increasing the perception of detection
17-9	Explain the relevance of adequate reporting programs to fraud deterrence
17-10	Understand the implications of the Corporate Sentencing Guidelines
17-11	Understand ethics and ethical theory

DEFINING ABUSIVE CONDUCT

The cases we have seen on the preceding pages were, by and large, on the extreme edge of abusive conduct by employees. In short, this data is merely the tip of the iceberg. How deep and massive that iceberg is varies from one organization to another, depending on a complex set of business and human factors.

The depth of the iceberg is also measured by what is defined as abusive conduct. Obviously, the more rules within the organization, the more likely employees are to run afoul of them. A study by Richard Hollinger and John Clark revealed that almost nine out of ten employees admitted to committing abusive conduct at some level.¹ Part of that abuse is owing to the diverse nature of individuals. Tom R. Tyler, in his book Why People Obey the Law, concluded overwhelmingly that individuals obey only laws they believe in. If a rule makes no sense to employees, they will make their own.²

Let me illustrate the point with another personal experience from the FBI. The FBI did a thorough background investigation before they hired me. They investigate each and every agent prospect. When you are hired, it doesn't mean you're perfect—just that they have put you through every wringer they can think of, looking for any imperfection that may surface to disqualify you.

Of those who survive that process, only a tiny percentage are actually hired and put through training school—as I was. From day one, the agents were held to impossibly high standards. To illustrate the mentality at the time, consider what our esteemed instructor told his class of thirty-five eager, bright-eyed trainees. “The FBI doesn't have any ordinary agents. Every single one of them is above average or better,” the instructor bragged. One of the trainees sitting toward the back of the class—a mathematical type of guy—raised his hand. “Excuse me,” the trainee questioned, “I don't think it is possible for every FBI agent to be above average. By definition, to be above average, there must be an average, and a below average. So not every agent can be above average—it's statistically impossible.” The trainee spoke to the instructor with respect but conviction.

The classroom was silent, and every eye went to the front of the room, where the instructor was carefully formulating his response. “Look, Mister,” said the instructor. “If J. Edgar Hoover himself said every agent is above average, that's statistical enough for me.” And he meant it.

When we graduated from training class and went into the field, the rookie agents had to come to the real world. In the real world, we all got paid 25 percent extra for all the overtime we typically incurred. But the record-keeping requirements were so ridiculous that no one—outside the clerks in Washington—paid any attention to the myriad forms we all had to fill out every month to get paid.

The ridiculous part of the record-keeping, as far as the rank-and-file agent was concerned, was that there was no carryover for overtime accumulated from one period to the next. For example, if you put in 50 percent overtime in pay period 14, you still got paid 25 percent. But if you only put in 10 percent overtime in pay period 15, your overtime would be cut to 10 percent because you could not use the overtime you burned in period 14. But the kicker was that during the course of the year, all the agents would put in at least 25 percent overtime; many ran much higher.

As a result, virtually everyone I knew in the field at that time simply claimed 25 percent each pay period, regardless of the actual time they put in. And we had to certify, under oath, that we had worked that specific amount of overtime—no more, no less. Our agency could not pay us more than 25 percent, so they didn't “officially” want us to put in more time, because government regulations would have required them to pay compensatory time off. As a result, none of us took the certification that bore our signatures seriously. A sworn false statement under oath to the government—which we regularly signed on our forms—warned us all of the criminal penalties involved. Each and every one of us would sign such a form twenty-six times a year—just to get our paychecks. I commented on the irony of it all to a salty old FBI agent one day when both of us were at the sign-in register. “Joe,” he said, “welcome to the real world. Here is the way it works: If you've told many lies, you can't get in the FBI. But once you're hired, you have to tell a few just to stay in. And that's all because of these ridiculous regulations.”

What is the moral to this story—other than my admitting that during my professional career I have had my own personal experiences with occupational fraud and abuse? There are two morals, in my view. The first is that we cannot eliminate this problem in the workforce without eliminating people. The human race is notoriously subject to periodic fits of bad judgment. Anyone in fraud detection or deterrence who is aiming for perfection from the workforce will not only be disappointed, he will also find that such attitudes invariably increase the problem.

That paradox is the second moral to the story: to quote my longtime colleague Dr. Steve Albrecht, “If you set standards too high, you may be inadvertently giving an employee two choices in his mind—to fail or to lie.” Your job in establishing antifraud standards, then, is to make them clear and reasonable. More on that later.

MEASURING THE LEVEL OF OCCUPATIONAL FRAUD AND ABUSE

Since the goal of the antifraud professional is to reduce the losses from these offenses, measuring progress in the traditional sense might be difficult. We have clearly established the reasons why—we only know about the frauds that are discovered.

As discussed in the introduction to this book, the certified fraud examiners who participated in the 2011 Global Fraud Survey estimated that the typical organization loses about 5 percent of its gross revenues to all forms of fraud and abuse in the workplace. Considering everything we know, it may be the best number we can use for the present. It at least gives organizations a rough measure of their potential exposure. Whether that exposure is ever discovered is a different matter. We have seen examples of occupational fraud in this book that have gone undetected for years. Except for a fluke of circumstance, many of them could still be thriving today. That, of course, is the most troublesome aspect of many occupational fraud schemes: The longer they go, the more expensive they become. People who start committing fraud will generally continue unless there is a compelling reason to quit.

On an organizational basis, one good indicator of the real risks of fraud is what has happened in the past. Surprisingly few organizations—especially the smaller ones—make any effort to gather historical, fraud-related data: How many offenses occur, what are the losses from each, and what patterns emerge, if any? But remember, this data will not tell you the size of the iceberg, only the size of the tip. Most important, though, gathering historical fraud information will tell you whether the iceberg is growing or melting.

The Human Factor

The diverse case studies in this book have one common element: human failings that led trusted people to violate that trust. Were these employees, from those in the mailroom to those in the boardroom, all simply greedy? Were they all simply liars? Did they always have defective morals that just surfaced when their honesty was tested? Or were they mistreated, underpaid, and only taking what they considered to be “rightfully” theirs?

The answer, of course, is that it depends. Crime is a complex tapestry of motive and opportunity. The Sultan of Brunei, one of the world's richest men, may have unlimited opportunity to defraud people. But does he have the motive? Contrarily, the minimum-wage cashier may be very motivated to steal in order to keep his lights turned on. But if he is constantly aware that his cash drawer may be counted by surprise, he may not perceive the opportunity to do so. In any antifraud effort, we must always keep in mind that no one factor will deter occupational fraud; we must attack the problem on several fronts.

Greed Michael Douglas uttered the now-famous line from the movie, Wall Street: “Greed is good.” While some may debate whether that is true, there is little debate that greed is certainly a factor in occupational fraud. Indeed, students of this subject are most likely to describe embezzlers and their ilk by that one single word: greedy.

The problem with that definition of a fraud motivator is that it is subjective and begs for the response, “Greedy? Compared to what?” Most of us consider ourselves greedy to some extent; it is, after all, a very human trait. But there are many greedy people who do not steal, lie, and cheat to get what they want. And how can we measure the amount of greed in any way that will become a predictor of behavior? In sum, there is little we can say about greed as a motive that will help us detect or deter occupational fraud.

Wages in Kind In nearly all the case studies in this book, one common thread prevails: Those who chose to commit fraud against their employers felt justified in doing so. A perfect example is the case of Bob Walker, the cashier who began stealing to get even with his employer. Walker had been demoted from a management position to head cashier at his store, a move that included a $300 cut to his monthly pay. Feeling morally justified in his theft, Walker went on to process over $10,000 in false refunds—much more than what his demotion cost him in lost wages.

For the purpose of detecting and deterring occupational fraud, it does not matter whether the employee is actually justified, but simply whether he perceives that he is. Your prevention efforts must begin with education of employees and staff, attacking this misperception on all fronts—the morality, legality, and negative consequences of committing occupational fraud and abuse.

Employers must also understand the concept of wages in kind. I can remember a perfect illustration from my days as an antifraud consultant in the 1980s. A local banker heard me give a speech on fraud prevention, and he later called me. “We have a hell of a time with teller thefts,” he confidentially admitted. “I would like to hire you to evaluate the problem and give us some solutions.”

I spent several days in the bank, going over the accounting procedures, the history of teller thefts, the personnel policies, and the internal controls. I also interviewed bank supervisors, head tellers, and the rank-and-file. The interviews were particularly revealing.

When it came time to give my report, the banker requested that I meet with his entire board to deliver my conclusions orally and respond to questions. I tried to be as diplomatic as I could, but when the veneer was stripped away, it wasn't a pretty picture. The reason the bank was having problems with teller thefts was because they (1) had inadequate personnel screening procedures, (2) had no antifraud training whatsoever, (3) paid inadequate wages to persons entrusted with drawers full of money, and (4) were perceived by the employees as cheap and condescending. When I finished my presentation to the board, I asked for questions. The silence was deafening. After I stood there for what seemed like eternity, my banker colleague meekly thanked me for my suggestions and told me they would call. They didn't.

Employers must be educated in the concept of wages in kind. There are three basics that are absolutely necessary to minimizing (not eliminating) occupational fraud and abuse. First, hire the right people. Second, treat them well. Third, don't subject them to unreasonable expectations.

Unreasonable Expectations If you have carefully evaluated the case studies in this book, you should have empathy with at least some of the situations that led to an employee deciding to commit fraud. Ernie Philips's situation, for example, reads like the scenario for a Movie-of-the-Week. While trying to support a wife and six adopted children, Philips was forced to undergo several back operations that kept him away from work. He then became addicted to the pills that he was given to alleviate the pain from those operations. His CPA practice was on the verge of folding, and he suffered from depression, as well as from chronic anxiety. Under such dire circumstances, how many of us might resort to forging checks in order to get by?

In my view, employers sometimes have unreasonable expectations of their employees that might contribute to occupational fraud and abuse. First of all, employers frequently expect their employees to be honest in all situations. That belies the human condition. According to Patterson and Kim in The Day America Told the Truth, a full 91 percent of people surveyed admitted to lying on a regular basis. Thankfully, most of these lies have nothing to do with fraud. But it must be remembered that though not all liars are fraudsters, all fraudsters are liars. Our approach to deterrence therefore must be not to eliminate lying (something that simply cannot be done), but to keep lies from turning into frauds.

It is easy to see how anyone can confuse the two concepts of lying and fraud. When we lie to our family, our coworkers, our superiors, and our customers, these are typically deceptions motivated by the human desire to tell people what they want to hear—“My, you look nice today!” So keep your eye on the ball: We want to deter fraud specifically; we don't have the time or ability to reform humanity. And deterring fraud requires some understanding.

UNDERSTANDING FRAUD DETERRENCE

Deterrence and prevention are not the same thing, although we frequently use the terms interchangeably. Prevention, in the sense of crime, involves removing the root causes of the problem. In this case, to prevent fraud, we would have to eliminate the motivation to commit it, such as the societal injustices that lead to crime. We as fraud examiners must leave that task to the social scientists. Instead, we concentrate on deterrence, the modification of behavior through the perception of negative sanctions.

Fraud offenders are much easier to deter than run-of-the-mill street criminals. Much violent crime is committed in the heat of the moment, and criminologists agree that such crimes are very difficult to stop in advance. But fraud offenders are very deliberate people, as you have seen in this book. At each stage of the offense, they carefully weigh—consciously or subconsciously—the individual risks and rewards of their behaviors. For that reason, their conduct is easier to modify.

The Impact of Controls

Throughout this book, you have witnessed situations that could have been prevented by the most basic control procedure: separating the money from the record-keeping function. However, in many cases it seems that accountants and auditors expect too much from internal controls. After all, many internal controls have nothing to do with fraud. Others are only indirectly related. Furthermore, many internal controls can be overridden. My view is that internal controls are only part of the answer to fraud deterrence. However, some do not share that view. They argue that if the proper controls are in place, occupational fraud is almost impossible to commit without being detected.

The Perception of Detection

As alluded to throughout these pages, the deterrence of occupational fraud and abuse begins in the employee's mind. The perception of detection axiom is as follows:

The logic is hard to dispute. Exactly how much deterrent effect this concept provides is dependent on a number of factors, both internal and external. But as you can see, internal controls can have a deterrent effect only when the employee perceives that such a control exists and is for the purpose of uncovering fraud. “Hidden” controls have no deterrent effect. Conversely, controls that are not even in place—but are perceived to be—will have the same deterrent value.

How does an entity raise the perception of detection? That, of course, varies from organization to organization. But the first step is to bring occupational fraud and abuse out of the closet and deal with the issue in an open forum. Companies and agencies must be cautioned that increasing the perception of detection, if not handled correctly, will smack of “Big Brother” and can cause more problems than it solves. But organizations can take at least six positive steps to increase the perception of detection.

Employee Education Unless the vast majority of employees are in favor of reducing occupational fraud and abuse, any proactive fraud deterrence program is destined for failure. It is therefore necessary that the entire workforce be enlisted in this effort. Organizations should provide at least some basic antifraud training at the time workers are hired. In this fashion, the employees become the eyes and ears of the organization and are more likely to report possible fraudulent activity.

Education of employees should be factual rather than accusatory. Point out that fraud—in any form—is eventually very unhealthy for the organization and the people who work there. Fraud and abuse cost raises, jobs, benefits, morale, and profits, as well as the integrity of those who perpetrate them. The fraud-educated workforce is the fraud examiner's best weapon—by far.

Proactive Fraud Policies When I ask most people how to deter fraud, they typically say something like this: “In order to prevent fraud, we must prosecute more people. That will send a message.” There are two notable flaws in this well-meaning argument. First, there is nothing proactive about prosecuting people. As some in Texas would say, it is like closing the barn door after the cows have escaped. Second, whether it really sends much of a message is debatable. This concept is called “general deterrence” by criminologists. As logical as the idea sounds on its face, there are no data—out of scores of studies—that show it actually works.

Without getting into the intricacies of criminological thought, punishment is believed by many experts to be of little value in deterring crime because the possibilities of being punished are too remote in the mind of the potential perpetrator. Think about it for a second. If you were debating whether to commit a crime (of any kind), the first question that comes into your mind is: “Will I be caught?” not “What is the punishment if I am caught?” If you answer yes to the first question, you are very unlikely to commit the offense. That makes the punishment moot, no matter how severe it is.

The foregoing is not to say that crime should not be punished. Quite the opposite—it is something that must be done in a civilized society. But remember that the primary benefit of any type of punishment is society's retribution for the act, not that punishment will deter others.

A Higher Stance Proactive fraud policies begin simply with a higher stance by management, auditors, and fraud examiners. That means, as previously stated, bringing fraud out of the closet. At every phase of a routine audit or management review, the subject of fraud and abuse should be brought up in a nonaccusatory manner. People should be asked to share their knowledge and suspicions, if any. They should be asked about possible control and administrative weaknesses that might contribute to fraud. What we are trying to accomplish through this method is to make people subtly aware that if they commit illegal acts, others will be looking over their shoulders.

A higher stance also means making sure that “hidden” controls don't remain that way. Auditors may have a peculiar image to the uninformed. Employees know auditors are there, but they are not quite sure what the auditors actually do. While this attitude can obviously bring benefits if you are trying to conduct your activities in secret, it is counterproductive in proactive fraud deterrence. You must let employees know that you are looking.

Increased Use of Analytical Review If an employee embezzles $100,000 from a Fortune 500 corporation, it will not cause even a blip in the financial statements. And in large audits, the chance of discovering a bogus invoice is remote at best. That is because of the sampling techniques used by auditors—they look at a relatively small number of transactions in total.

But as you can see from the cases in this book, the real risks are in asset misappropriations in small businesses. These, of course, can be—and frequently are—very material to the bottom line. And the smaller businesses are those that benefit the most from the increased use of analytical review. Throughout this book we have presented dozens of proactive computer-aided audit tests that are specifically tailored to the various forms of occupational fraud that we have discussed. These audit tests were accumulated and organized by Richard B. Lanza in his publication Proactively Detecting Occupational Fraud Using Computer Audit Reports,³ and they have been reprinted here with his permission. These tests should be a part of any organization's proactive fraud program.

Surprise Audits Where Feasible The story of Bill Gurado best illustrates the concept of the perception of detection in audits. As you recall, Barry Ecker, the auditor, was simply joking when he told Gurado that an audit was imminent. Based on that false information, Gurado confessed that he had been stealing from his branch. The reason? Gurado was convinced his unlawful conduct was about to be discovered.

The threat of surprise audits, especially in businesses that are currency-intensive, may be a powerful deterrent to occupational fraud and abuse. In case after case, all too many fraud perpetrators were aware that audits were coming, so they had time to alter, destroy, and misplace records and other evidence of their offenses. Obviously, surprise audits are more difficult to plan and execute than a normal audit, which is announced in advance. But considering the impact of the perception of detection, surprise audits may certainly be worth the trouble.

Adequate Reporting Programs As many of the cases in this book illustrate, adequate reporting programs are vital to serious efforts to detect and deter occupational fraud and abuse. In situation after situation we encountered, employees suspected that illegal activity was taking place, but they had no way to report this information without fear of being “dragged into” the investigation.

Reporting programs should emphasize at least seven points: (1) fraud, waste, and abuse occur at some level in nearly every organization; (2) this conduct costs jobs, raises, and profits; (3) the organization actively encourages employees to come forward with information; (4) there are no penalties for furnishing good-faith information; (5) there is an exact method for reporting, such as a telephone number or address; (6) a report of suspicious activity does not have to be made by the employee to his immediate supervisor; and (7) reports of wrongdoing can be submitted anonymously.

A hotline is considered by most professionals to be the cornerstone of an employee reporting program. According to some studies, about 5 percent of hotline calls are actually developed into solid cases. But in many instances, these schemes would not have been discovered by any other method. And as the data from the ACFE 2011 Global Fraud Survey shows, tips from various sources (employees, vendors, customers, and anonymous) are the most common means by which occupational fraud is detected. According to this survey, 43 percent of fraud cases in the survey were initially detected by tip. This statistic underscores the necessity for an effective whistleblower mechanism in every organization.

Hotlines also help to increase the perception of detection. An employee who is aware that his nefarious activities might be reported by a coworker will be less likely to engage in such conduct. One final advantage of a hotline is that it helps corporations comply in part with the federal Corporate Sentencing Guidelines.

THE CORPORATE SENTENCING GUIDELINES

The promulgation of the Federal Sentencing Guidelines was one of the most dramatic changes in U.S. criminal law. Not only did the sentencing guidelines seek to make punishments more uniform, but they also increased the severity with which convicted defendants are punished. Additionally, under the Sentencing Guidelines, if a convicted organization has an effective compliance program in place at the time of its offense, the sentencing judge will consider the entity's acts of due diligence in trying to prevent the illegality when deciding whether to increase or mitigate the organization's sentence. Thus, the Sentencing Guidelines allow organizations to mitigate potentially devastating penalties for crimes by having an effective compliance program in place.

Definition of Corporate Sentencing

Responding to concerns over the wide disparity in federal sentencing, Congress passed the Sentencing Reform Act in 1984. As part of the broader Comprehensive Crime Control Act of 1984, the Sentencing Report Act established the United States Sentencing Commission (USSC), which was charged with promulgating guidelines governing criminal sentencing in federal courts. Once established, the USSC began studying sentences for individuals, and after three years of study, the USSC submitted the draft guidelines for individual defendants for comment and congressional approval. The Federal Sentencing Guidelines for individuals became effective on November 1, 1987.

Shortly after the guidelines for individuals became effective, the USSC began studying sanctions for organizations, even though it had no clear direction to do so. Four years later, the USSC submitted its Proposed Guidelines for Sentencing Organizations for congressional approval, and on November 1, 1991, these guidelines became effective. The underlying philosophy of the Guidelines for Organizations has been characterized as a “carrot-and-stick” approach to criminal sentencing. That is, under the Sentencing Guidelines for Organizations, an organization convicted of a federal offense is eligible for a reduced sentence if it seeks to prevent and disclose certain conduct.

Specifically, the organizational sentencing guidelines offer the potential benefit of a reduced sentence to a convicted organization if it had an effective compliance program in place at the time it committed the offense. Thus, if an organization had implemented and maintained such aprogram, the judge overseeing the case would consider the organization's acts of due diligence in trying to prevent the illegal conduct when deciding whether to mitigate the entity's punishment.

For nearly twenty-five years, the Sentencing Guidelines were mandatory in application; however, as a result of the Supreme Court's 2005 decision in United States v. Booker, the Guidelines are now considered advisory only. Thus, judges must consider the Sentencing Guidelines when sentencing convicted organizations, but they are not required to issue sentences within the range set forth by the Guidelines. However, sentencing judges are still required to examine the adequacy of the entity's compliance program according to the Guidelines.

Vicarious or Imputed Liability

Corporations can be held legally responsible for the criminal acts of their employees under the theory of vicarious liability (i.e., the absolute liability of one party for the misconduct of another party). Under this theory, corporations can be held liable for the actions of their employees if those acts are done in the course and scope of their employment and for the ostensible purpose of benefiting the corporation. The corporation will be held criminally responsible even if those in management had no knowledge or participation in the underlying criminal events and even if there were specific policies or instructions prohibiting the activity undertaken by the employees. In fact, a corporation can be held criminally responsible for the collective knowledge of several of its employees even if no single employee intended to commit an offense. Thus, the combination of vicarious or imputed corporate criminal liability and the Sentencing Guidelines for Organizations creates an extraordinary risk for corporations today.

Requirements

The Corporate Sentencing Guidelines are designed to provide incentives for organizations to maintain internal mechanisms for preventing, detecting, and reporting criminal conduct. Accordingly, the Sentencing Guidelines encourage organizations to establish effective compliance programs and exercising due diligence in seeking to prevent and detect criminal conduct by their officers, directors, employees, and agents. At minimum, the following seven steps are required by the Sentencing Guidelines for due diligence:

1. Have policies defining standards and procedures to be followed by the organization's agents and employees
2. Assign specific high-level personnel who have ultimate responsibility to ensure compliance
3. Use due care not to delegate significant discretionary authority to people who the organization knew or should have known had a propensity to engage in illegal activities
4. Communicate standards and procedures to all agents and employees and require participation in training programs
5. Take reasonable steps to achieve compliance—for example, by use of monitoring and auditing systems, by evaluating the program's effectiveness periodically, and by having, and publicizing, a reporting system by which employees can report criminal conduct without fear of retribution (hotline or ombudsman program)
6. Consistently enforce standards through appropriate discipline, ranging from dismissal to reprimand
7. After detection of an offense, take all reasonable steps to appropriately respond to this offense and to prevent further similar offenses—including modifying its program and appropriately disciplining those who were responsible for the offense and those who failed to detect it

The Sentencing Guidelines provide for both criminal and civil sanctions, and they provide for four types of penalties: fines, restitution, remedial orders, and probation. Under the Guidelines, organizations might face enormous fines ranging up to hundreds of millions of dollars.

THE ETHICAL CONNECTION

Wheelwright defined ethics as follows:

More generally, moralists believe that ethical behavior is that which produces the greatest good and that which conforms to moral rules and principles. Although ethics is often used interchangeably with morality and legality, the terms are not precisely the same. Ethics is much more of a personal decision. In theory, ethics is how you react to temptation when no one is looking.

Fundamentally, there are two schools of ethical thought. The first, adhering to the “imperative principle,” advocates that there are concrete ethical principles that cannot be violated. The second, adhering to “situational ethics” or the “utilitarian principle,” generally advocates that each situation must be evaluated on its own—in essence, that the end can justify the means. Probably the majority of people in modern-day society follow situational ethics. But regardless of one's particular ethical philosophy, the sticky problems exist in defining what constitutes the “greatest good.” It is certainly easy to see how the CEO of a corporation that employs thousands of individuals would rationalize that committing financial statement fraud will help save jobs, thus justifying his conduct to himself as the “greatest good.”

Similarly, an employee can perceive that a major corporation having lots of money will never miss the amount he so desperately needs to keep afloat financially. This was demonstrated in the story of Larry Gunter and Larry Spelber, two employees who saw the opportunity to finance their entire educations by taking six small boxes of computer chips from their employer's warehouse. In a building filled to the brim with computer chips, who would miss six boxes?

And it is no surprise that some of the biggest crooks view themselves inwardly as very ethical; to this day, it is doubtful that Charles Keating views himself as more than a victim of circumstance, regardless of the fact that little old ladies across America have lost every dime they owned.

So the reality is that for most, the “greatest good” invariably turns out to be what is good for the individual making the ethical decision. Is it coincidence? Probably not; ancient and modern philosophers usually subscribe to one of three schools of thought about the essence of people: (1) humans as good, (2) humans as evil, or (3) humans as calculating. In the latter estimation, people will always consistently seek pleasure and/or avoid pain. This is a lesson most of us learn very young.

Behaviorists tell us that the vast majority of our personality has been formed by the age of three. A large part of our personality relates to the values we have, which are instilled in us by our parents and mentors. Without being a cynic (which I admit to), it is highly unlikely that ethical policies—no matter how strong they are—will seriously deter those sufficiently motivated to engage in occupational fraud and abuse.

There is no ethical policy stronger than the leadership provided by the head of the organization. Modeling of behavior occurs with strong influences such as the boss. Indeed, the Treadway Commission specifically commented on the importance of the “tone at the top.” Unfortunately, the formal ethics policies in place right now are thought to exist mostly in large organizations. In the small business—which is much more vulnerable to going broke from asset misappropriations—few of the bosses victimized seem to realize the importance of their own personal example.

When employees hear their leaders telling the customer what he wants to hear, when the small business boss fudges on the myriad taxes he must pay, when the chief executive officer lies to the vendors about when they will be paid, employees note that this behavior is acceptable. So setting an example is the real ethical connection.

A formal ethics policy is recommended for all organizations, regardless of size. They certainly don't do any harm, and they just may provide some deterrence. Furthermore, having an ethics policy makes enforcement of conduct easier to legally justify. A sample Code of Business Ethics and Conduct from the ACFE Fraud Examiner's Manual is in the appendix to this book. Feel free to use the example to develop your own ethics policy. Three things are important regardless of what form your policy finally takes: (1) Set out specific conduct that violates the policy, (2) state that dishonest acts will be punished, and (3) provide information on your organization's mechanism for reporting unethical conduct.

Although some professionals will disagree, I think it is a terrible idea to lace an ethics policy with draconian statements such as “All violators will be prosecuted to the maximum extent allowed by law.” First, even to many honest people, such a statement smacks of a veiled threat. Second, the victim of fraud does not decide criminal prosecution; this decision is made by the state. As a practical matter, your organization has little control, and it is unlikely that many first-time offenders will get more than a probated sentence.

Finally, your organization's ethical policy, whatever it is, can be only as good as the reinforcement it gets. A company that provides just one training program on ethics, never to mention the subject again, cannot expect results, however marginal. So training must be continuous, and it must be positive in tone. Don't preach; instead, keep emphasizing the simple message: fraud, waste, and abuse are eventually bad for the organization, as well as for everyone in it.

CONCLUDING THOUGHTS

Within the pages of this book, many details of occupational fraud and abuse have been revealed. But those searching for a “magic bullet” to detect these offenses are undoubtedly still looking. Indeed, the dream of many in the accounting community is to develop new audit techniques that will quickly and easily point the finger of suspicion. To those innocent souls I wish good luck. Regardless of the ability of computers to automate a great deal of drudgery, there are no audit techniques that have an infallible ability to detect fraud.

Another factor makes the detection of occupational fraud and abuse difficult. Fraud is one of the few crimes whose clues are not unique to commission of the offense. For example, clues in a bank robbery case would be the witnesses who saw the robber, the records reflecting the loss, the security cameras, and such. By contrast, the indicators of a bank embezzlement can be internal control weaknesses, missing or incomplete documents, and figures that don't add up. The problem, of course, is that none of these latter clues is conclusive evidence of fraud; red flags could just as easily turn out to be red herrings.

I am confident that this book will help you detect and deter fraud. But detection can be almost impossible when committed by someone clever, and motivated, enough to hide his tracks. For those of us who are fraud examiners, that fact is sometimes hard to swallow. If you are the best fraud examiner in the world, you will detect some cases and resolve them. But you'll never get them all, no matter how hard you try.

In putting forward your best efforts to detect fraud, you'll sometimes be tempted to try too hard. You will weigh in your mind whether you should take an unauthorized look at the suspect's bank account; you'll wrestle with the dilemma of whether to secretly check the fraudster's credit records. Don't do it.

Overreaching an investigation or fraud examination is the quickest way to ruin it. Not only will you be unsuccessful in proving your case, you will subject yourself to possible criminal and civil penalties. If you get to a point in a fraud examination when you don't know what to do, stop. Resolve all doubt in favor of your suspect, or check with counsel on the next step.

In a perfect world, we would probably abandon our efforts to detect fraud and concentrate exclusively on deterrence. As we all know, prevention of any problem—from cancer to crime—is usually cheaper and more effective than the aftermath. In the area of occupational fraud, for reasons we have discussed extensively in this book, deterrence can work better than for nearly every other type of crime.

Deterrence, as we have explicitly stated, is much more than internal control. And we accountants concentrate primarily on those controls to deter fraud. As history has witnessed, it is an inadequate effort. For a number of years I have advocated the concept of the Model Organizational Fraud Deterrence Program. Under the program, we in the audit community would invest the resources to find out what works in organizations that don't have much of a problem with occupational fraud and abuse. What works will be a combination of both accounting and nonaccounting factors. We know some of the factors already, but we need to know more. From new research, we would then develop a complete checklist of the model organization, and use that checklist to audit against. Then the external auditor would attest to the organization's compliance with the model, not to whether the auditor has uncovered material fraud. The latter approach, adopted by the accounting community now, is bound to drive up the cost of the audit and the price of litigation.

So the bad news is that we cannot audit ourselves out of the occupational fraud and abuse problem. But the good news is that there are a multitude of new approaches we can try. Some of them are in this book—which is but a beginning.

SUMMARY

Abusive conduct, which includes fraud, is difficult to define and quantify. This conduct will exist at some level in all organizations. Setting standards of conduct too high can cause employees to fail or to cheat. The level of occupational fraud and abuse is difficult, if not impossible, to accurately measure. Crime is a complex formula that involves not only opportunity, but motives. Greed alone is an inadequate explanation for fraud because it is a natural human trait that exists, to varying degrees, in everyone, and because it cannot be quantified.

“Wages in kind” are taken when employees, who feel mistreated or underpaid, attempt to make up the difference through fraudulent and abusive conduct. Fraud prevention implies removing the root causes of fraud, such as economic conditions. Deterrence is the modification of behavior through the threat of negative sanctions. Controls, per se, don't deter fraud; it is the perception in the mind of the potential perpetrator that his conduct will be detected that provides the deterring effect.

The U.S. Corporate Sentencing Guidelines hold the company liable for the criminal conduct of its employees, and recommend stiff sanctions unless the company has actively tried to prevent fraud from occurring.

The “tone at the top” provides a stronger message to employees than any written ethics policy. History has clearly demonstrated that auditing alone will not deter fraud; new approaches must be considered.

ESSENTIAL TERMS

Abusive conduct Counterproductive, fraudulent, or other activities of employees that are detrimental to the organization.

Wages in kind The actions taken by employees to right what they perceive as workplace wrongs through counterproductive behavior, including fraud and abuse.

Fraud prevention Removing the root causes of fraudulent behavior, such as economic deprivation and social injustices.

Fraud deterrence Discouraging fraudulent activities through the threat of negative sanctions.

Perception of detection The likelihood, as perceived by an employee, that his fraudulent conduct will be discovered.

Corporate Sentencing Guidelines A U.S. federal law passed in 1991 that provides recommended sanctions for organizations that have engaged in criminal conduct. The sanctions can be mitigated if the organization can prove that it complied with one or more of seven steps designed to prevent or deter fraud.

Vicarious or imputed liability A legal theory that holds the organization liable for the criminal conduct of its employees.

Imperative ethical principle The belief that concrete ethical principles exist that must not be violated (e.g., the end does not justify the means).

Utilitarian ethical principle The belief that each behavior should be evaluated on its own merits (e.g., the end justifies the means).

REVIEW QUESTIONS

17-1 (Learning objective 17-1) What is “abusive conduct”?

17-2 (Learning objective 17-2) Why is attempting to achieve perfection in the workplace not desirable?

17-3 (Learning objective 17-3) Why is it difficult or impossible to measure the actual level of occupational fraud and abuse within organizations?

17-4 (Learning objective 17-4) Why is greed an inadequate explanation as the motive for occupational fraud?

17-5 (Learning objective 17-5) What is meant by “wages in kind”?

17-6 (Learning objective 17-6) What is the difference between fraud prevention and fraud deterrence?

17-7 (Learning objective 17-7) What is the significance of the “perception of detection”?

17-8 (Learning objective 17-8) What are some of the factors that may help increase the perception of detection?

17-9 (Learning objective 17-9) Why are adequate reporting programs so important to fraud deterrence?

17-10 (Learning objective 17-10) What are the key elements of the Corporate Sentencing Guidelines?

17-11 (Learning objective 17-11) What is ethics?

DISCUSSION ISSUES

17-1 (Learning objective 17-1) Why do employees engage in abusive conduct against organizations?

17-2 (Learning objective 17-2) How are employees likely to react to unreasonably restrictive rules in the workplace?

17-3 (Learning objective 17-3) What are some of the ways an organization might improve measurement of the level of occupational fraud and abuse?

17-4 (Learning objective 17-4) Since everyone is greedy to some extent, why do only some individuals engage in fraudulent activity?

17-5 (Learning objective 17-5) What actions might an organization take to prevent the taking of “wages in kind”?

17-6 (Learning objective 17-6) Why should fraud examiners seek to deter fraud rather than prevent it?

17-7 (Learning objectives 17-7 and 17-8) How do internal controls impact the “perception of detection”?

17-8 (Learning objective 17-9) What is the most essential element of an adequate reporting program? Why?

17-9 (Learning objective 17-10) What basic procedures should an organization follow in order to fulfill its due diligence responsibility as it relates to the Corporate Sentencing Guidelines?

17-10 (Learning objective 17-11) What is meant by “tone at the top”?

ENDNOTES