By Brian R. Hook
With the number of new cases of fraud increasing, Angela Morelock, who has been investigating fraud for the last 13 years, says she has never seen it as bad as it is right now. “We are seeing an enormous number of fraud cases,” Morelock says.
As a partner at BKD LLP, Morelock leads the firm’s forensic accounting and investigation team. BKD is a top 10 CPA and advisory firm with 32 offices serving clients in 50 states. She often works with St. Louis companies to detect embezzlement.
No business is immune from the risks associated with fraud. Companies lost 7 percent of their annual revenue to fraud in 2008, compared to 5 percent in 2006, according to the Association of Certified Fraud Examiners. “The idea of the average company losing 5 to 7 percent of revenue to fraud is astonishing,” Morelock says.
The anti-fraud organization found that the median loss caused by fraud in 2008 was $175,000. More than one-quarter of cases involved losses of at least $1 million.
It is not only large companies that are at risk. Morelock says the cases that she investigates run the gamut from small mom-and-pop businesses, where the bookeeper has embezzled hundreds of thousands of dollars, to large organizations, where a senior level executive might have stolen millions of dollars through fraudulent behavior.
Morelock is called in when a company or organization first suspects fraudulent activity. The first step is to try and determine how much money was embezzled. She provides a report that gives the firm’s opinion of the loss amount, along with all of the supporting documents. If fraud was committed, she will then testify in any civil or criminal trials. “We follow our cases from beginning to end,” Morelock says.
Prevention is Key
Morelock splits her time between fraud investigation and fraud prevention activities. Since she says education is often the key to prevention, she provides around 100 training sessions per year. She also helps companies identify weaknesses and processes in control systems that might allow someone to perpetuate embezzlement.
“Almost everywhere we go, we find holes in the process and certainly in every embezzlement case that we investigate there is some weakness that has allowed a person to take advantage of the process and embezzle money without being detected,” she says.
It is often hard to convince company leaders to accept that their firm could be at risk of fraud. “Everyone likes to believe that this wouldn’t happen to them,” she says.
Role of Technology
Morelock uses technology, like data mining, to help uncover some fraudulent activity, like uncovering fake invoices, for example. But she says fraud prevention can not be found inside a computer. “There are people out there who believe that we can program computers to find this stuff and ensure that it doesn’t happen,” she says. “But the truth of the matter is embezzlement and fraud prevention is not just inside the computer.”
Most of the fraudulent activity occurs with a company because there are weaknesses in the internal control processes, such as cash disbursement, where the bills are paid, or with payroll, Morelock says. “Regardless of what kind of computer system you have, if the person who is responsible for setting up vendors, sets up a fake vendor and you are processing fake payments, the computer system is not going to detect that.”
While technology cannot prevent all cases of fraud, a lack of proper procedures can make a company and its information-technology system more susceptible to fraud. “My advice would be to make IT security a critical part of their business strategy,” says Tim Beranek, a partner at BKD who leads the technology group in the St. Louis office.
Beranek helps set up risk-management systems. He says the first step is an IT risk assessment, which addresses the types of IT assets and the related risks and controls. He says controls start with policy statements. The next step is procedures that execute those statements followed by compliance to make sure the policies are followed correctly.
Beranek sees more cases of low-tech fraud than high-tech fraud. “There is nothing high tech about sharing your password with the wrong person or not having password policies in place that require the password to expire every 30 days,” he says.
Companies need to recognize that fraud is a risk and put a plan in place to mitigate that risk, Beranek says. Then it comes down to testing and compliance.
Recognizing the warning signs is also important to uncovering fraud. Morelock says that lifestyle clues of employees that are perpetuating embezzlement are often some of the best warning signs that a company will have if fraud is being committed.
Morelock points to a case in Springfield she investigated where a longtime employee of the municipal court had stolen $1.3 million. The manager of the municipal court was not depositing part of the cash every day for ten years. A rumor inside the municipal court was that the long-time employee had inherited a large sum of money.
“We hear that rumor a lot,” Morelock says. “The person that has been embezzling all this money has to explain sudden changes of lifestyle.” Often the embezzlers tend to have compulsive shopping habits or spread money around the office with lavish gifts.
“The business world has to get better at watching for lifestyle clues, because fraudsters are often big spenders and like to show off fancy automobiles, jewelry and clothes,” Morelock says, adding it is not unusual to see gambling or drug problems.
Every company is at risk, Morelock says. “We see embezzlement everywhere. It is not limited to big cities and large companies. It is not limited to small towns and small business. It is across the board.”