http://www.dallasnews.com/sharedcontent/dws/bus/columnists/chall/stories/DN-Hall_01bus.ART.State.Edition1.379424e.html By Cheryl Hall The Dallas Morning News April 1, 2007 If you want to keep your business from being a victim of fraud, it helps to think like a crook. And if you aren't worried because you trust everyone you work with, think again. Those words of experience come from Jeff Matthews, forensic and investigative services director at Grant Thornton LLP in Dallas. And there's one thing more. "If you want to know what a fraudster looks like," he says, "look to the person on your right, then to the one on your left, and it will look like the person in the middle. White-collar criminals look like you and me." These days, Mr. Matthew is a busy guy thanks to Enron Corp., WorldCom Inc. and the like. "It's been an amazing ride for the past three years," says the 33-year-old certified fraud examiner, who's helped build Grant Thornton's forensic practice from just him in 2004 to 14 accountants. "We're seeing more fraud come to light. That doesn't necessarily mean there's more or less fraud than before Sarbanes-Oxley. It's just that more people are required to look for it." Mr. Matthews, who earned his accounting degree at the University of Louisiana at Monroe in 1995, received his "master's" in forensics as a 23-year-old investigating political corruption in Louisiana for the state's legislative auditor's office. "We had plenty to do," he says. "It's been an interesting transition for my career from investigating political corruption to working with companies to keep fraud from happening." Stronger focus While the financial aspects of Sarbanes-Oxley have grabbed headlines, C-level execs and audit committees are realizing an underlying obligation: They must ferret out foxes in the henhouse. Financial statements have to be certified as correct and that any fraud and misconduct by management has been disclosed. Further, audit committees must investigate allegations of misconduct brought to their attention. "You have more sanctions and structure," Mr. Matthews says. "They realize they have real obligations to investigate things." Kevin Mann, director of business conduct and compliance at Lennox International Inc., agrees. "With Sarbanes-Oxley, there's much more pressure to put these systems in place. A lot of resources got thrown into this. It was like throwing spaghetti against the wall," he says. "Now companies are starting to focus on some of the real dangers." Starting small And fraud isn't just a worry for the big guys. The Association of Certified Fraud Examiners estimates that, on average, every business in America loses 5 percent of its annual income to employees illegally lining their pockets. "Every company has been baited," Mr. Matthews says, using a fishing analogy for a financial vulnerability that an employee or vendor may have spotted. "The cork bobs a little bit before it goes under. Fraud usually starts small, with just a few nibbles. Then they take the bait, and the scam really starts." The case that sticks out most in Mr. Matthews' mind started with $6.08 every two weeks taken by the controller of an oil and gas company. Over the course of four years, this employee of 20-plus years ramped up his pillaging to $300,000 and $400,000 a swipe, with a total take of $7 million. Why did he do it? He enjoyed the high life. When the company finally took notice and went after him, it recovered six automobiles and two homes worth roughly half what he stole. He went to jail, and the company survived. "It wasn't the size of the loss. It was such a breach of trust," says Mr. Matthews. "The intangible damage that it wreaked upon that company was devastating. They trusted him with the keys to the mansion, and he looted the place." There are heartbreaking cases in which people commit fraud because they need money for a dying relative or a sick child, Mr. Matthew says. "It wasn't a game or for personal gain. Those are tough cases to investigate." Getting the accountants But Mr. Matthews relishes cases that involve accountants. "They document their fraud to the decimal point," he says. "The easiest way to get an accountant to confess is to accuse him of taking a little more than he took. "You can say, 'Mr. Accountant, we have proof that you took $5 million.' And he'll respond, 'Absolutely not, I took only $4.8 million, and I've got records that show it.' " Many companies make themselves vulnerable because they don't adhere to the rules they've put in place. Both Mr. Matthews and Mr. Mann find that remarkable. "Many anti-fraud controls are manual in nature," says Mr. Matthews, giving examples such as getting dual signatures on checks or having a supervisor approve purchase orders. To save time and cut hassles, executives sometimes pre-sign checks or use a rubber stamp. "It's like latches on your cabinets when you're babyproofing," Mr. Matthews says. "They work wonderfully when they're applied appropriately. But if they're lying on your counter because they're a pain to get undone, they're totally ineffective." Mr. Mann says Lennox aims for an atmosphere that deals openly with fraud and misconduct and the consequences. "You want to create a culture where people aren't afraid to talk about it," he says. "Fraud exists in every company. There are always going to be employees, contractors or vendors who try to take advantage of the system. "So you try to build in good controls and an awareness of how people might try to do this." Have trust And managers need to have trust, not faith, Mr. Mann says. Take expense accounts, for example. "Faith is when you don't ask for documentation because you assume people are following the rules. Trust is when you're not afraid to ask." Prevention Starts With Questions What questions should executives and business owners ask themselves to detect, prevent and deter fraud and misconduct in their companies? Jeff Matthews, forensic and investigative services director of Grant Thornton LLP, suggests the following: * If you were to commit misdeeds against your company, how would you do it? How would you get around measures that are in place? Ask senior managers the same questions. "An honest employee will tell you where the weaknesses are and what needs to be tightened." * For C-level executives at publicly held companies: Would your employees say they are under undue pressures to meet analyst expectations or earnings forecasts? Would they think those expectations are reasonable and realistic? "Fear of failure may be so excessive that they'll skirt rules or play in the gray areas to get ahead just a little bit," Mr. Matthews says. * How much fraud is inevitable or acceptable in your organization? Again, the executives' answers should be compared with midlevel managers'. "The CEO or CFO may feel that that no level of fraud is tolerable," says Mr. Matthews. "But when you get down to where the rubber meets the road in the organization, they may have a different perspective." * How confident are you that you would discover fraud within your organization? "Then flip that around and ask midlevel managers how comfortable are they that if they brought fraud or misconduct to senior management's attention, that it would be dealt with swiftly and appropriately." _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Apr 02 2007 - 02:25:37 PDT