Fraud can be devastating for any business, and when you’re a small practice it can tear you apart financially and emotionally, as optometrist Jessica Chi found out. While it’s impossible to 100 per cent protect your practice from being defrauded, there are steps you can take to minimise the risks and prepare yourself in case it occurs.
mivision spoke to Ms. Chi about her experience with fraud. Then we consulted business experts Mark Overton and Storm Carnie for some practical steps you can take to avoid going down the same path.
According to the global anti-fraud organisation – the Association of Certified Fraud Examiners (ACFE) – small and medium-sized businesses are the most common victims of organisational fraud.
Indeed, small businesses report 30 per cent of all instances of fraud – a higher rate than for larger businesses – and suffer greater losses in relation to their size, with the median loss for small business estimated to be over AU$200,000. Sixty per cent of small business fraud victims did not recover any of their losses.1
When Melbourne optometrist and mivision contributor Jessica Chi experienced employee fraud, she was fortunate to recover all of her losses. However the process of recovery cost her money, valuable time, and was emotionally draining.
It was my accountant who alerted me that my accounts were out – significantly out
At the time, Ms. Chi had been the practice owner of Eyetech for three years. The employee who had committed the fraud had worked in the practice for nine.
“It was my accountant who alerted me that my accounts were out – significantly out,” said Ms. Chi. “At that time, as an optometrist, I’d had little experience running a business. I understood my strengths and weaknesses, and I avoided tasks that I found boring, or tasks that I was not good at. I was more interested in seeing patients, testing eyes, fitting contact lenses and building my patient base. While the other stuff – the books, the accounts, the administration – were part and parcel of the business, I had little interest and was happy to leave it all in the hands of the efficient, organised, and diligent practice manager who was working in the practice when I purchased it.”
Ms. Chi said until her accountant’s call came through, she thought she had struck gold.
“There were a lot of processes I did not know how to do, but that was fine because I trusted him implicitly to do them for me. When I asked if I could assist, or for him to show me what to do, he said hastily no – he knew I was busy, he knew my time was better spent doing other more important things. I felt so lucky to have such a diligent employee.”
Ms. Chi’s practice had just one bank account and a credit card for purchases, and both directly ported into the financial accounting system known as Xero. Despite this relatively simple financial process, the discrepancy had gone unnoticed.
“Those who run their own practice understand that volumes of money flow in and out and reports can be complex, especially as individual jobs can be paid with multiple transactions.
“I assumed any discrepancies in the books were due to misinterpretations, or to the fact that I, along with my accountant and book keeper were learning to use the Optomate practice management system. Together we were learning to read the reports.”
Having alerted her to a potential issue, Ms. Chi’s accountant instructed her to monitor every transaction for a month, add them up every day, and cross-reference them with her bank account. Sure enough, she soon discovered that some receipted amounts for individual transactions were never deposited.
“I thought it could have been the Eftpos machine short changing me, or perhaps something going wrong with Hicaps or Optomate. At no time in the early stage of my investigation did I suspect my employees and because I had no suspicion, I spoke openly with them about the discrepancy, hoping they could shed some light on the situation.”
TAKEN FROM WITHIN
The more Ms. Chi delved, the more obvious it became that the money had been taken from within.
“My practice manager became evasive and I caught him out on a few lies. As my star employee, I really didn’t want to believe that he could be doing anything wrong, so I rang a few patients whose transactions had mysteriously not made it to my bank account and asked them to send a copy of their eftpos receipts or credit card statements. Despite their transactions being coded as credit payments on our system, they all told me they’d paid cash.”
Over three years, Ms. Chi’s practice manager had defrauded her 250 times. When customers paid cash, he had issued receipts then deleted them prior to doing the banking. Later, he would backdate and re-enter them as credit card transactions.
The discovery came as a complete shock.
“I was on an emotional rollercoaster. The initial shock was followed closely by feelings of denial, betrayal, anger, disbelief, grief, sorrow and regret. I spent days trying to disprove what I had learnt about my employee who I had come to consider as a friend. When there was no other explanation, I blamed myself – I hadn’t paid him enough, I hadn’t made him feel appreciated, he did not like working for me.”
Without realising it, most fraud follows a pattern…
Of course logically, Ms. Chi knew none of this was true. She had treated him well and he had defrauded her. She also knew she had to take action.
“I was advised to engage a lawyer or go to the police. I was also informed that if I went to the police they would begin a criminal investigation, which could drag out for a long period. I’d have more chance of recouping my money if I went to a lawyer.”
Importantly, Ms. Chi was advised to be careful with the way she managed her employee in case she found herself charged with unfair dismissal.
“I thought the suggestion was ridiculous – he was stealing from me, and yet I could be charged for unfair dismissal – but I took the advice seriously nevertheless.”
Ms. Chi and her lawyer agreed to press the employee to repay the money and failing that, to sue him. Fortunately, a quick outcome was achieved.
“I remember my lawyer telling me he had confessed and agreed to repay me. Then he called to say the money had hit his bank account. He was so surprised – it was by far the fastest settlement he had ever accomplished.
“I feigned happiness to satisfy his expectations. But really, I felt empty. The money is nice to have – but that’s not why I do what I do. I had lost my trusted employee, a friend – and I had been betrayed.”
PLAYING CATCH UP
Ms. Chi said in the immediate aftermath of the investigation, work was extremely difficult to manage.
“At the time, my only other staff member was a casual. She arranged to work a few more hours and being close to the university, I was able to get some students to help while I employed a new practice manager. Even so, there were many hours when I worked alone, trying to see patients, manage the front, phones, etc, and learn all the processes. We kept the appointment book loose and did not do recalls.
“Patients still ask for my practice manager and it feels like a constant kick in the gut. I have told very few of them what happened, however I have shared my story with colleagues, and the frightening thing is I am not alone. This has happened to many others, and will happen to many more.”
SURVIVE AND PROSPER
There’s no doubt that the last few years have been a steep learning curve for Ms. Chi, and she admits to having plenty of regrets.
“I regret my ignorance and my naivety. What I have learnt is to not have blind trust – but instead a healthy level of cynicism. The best way to prevent this from reoccurring is to eliminate the opportunity.
“Delegation is key to running a business, however to delegate without understanding is simply stupid. As the practice principal I need to understand every process.
“I remind myself this was a great lesson, and I am relatively lucky – at least I got my money back, and it was as painless an experience as it could be… It wasn’t easy, nor was it fun. But the business has survived and so have I.”
Fraud prevention experts often refer to the 10-10-80 rule: 10 per cent of employees will never steal, 10 per cent will always steal, and 80 per cent will go either way depending on the circumstances.2
Additionally, they refer to the ‘fraud triangle’ – the three motivations for committing fraud:
- Motive – eg. the need for money,
- Opportunity – this is often when internal controls are weak,
- Rationalisation – the excuses employees use to justify their actions (eg. I’m underpaid or everyone else does it).2
According to business consultant Mark Overton, there are several ways in which an employee can commit fraud:
- Billing – the employee makes changes to invoices and sales entries that are favourable for themselves or a related person,
- Cheque and payment tampering – when processing payments to the practice, the employee changes or diverts them,
- Skimming – incoming payments are stolen before being recorded by the practice,
- Cash larceny – the employee steals income from daily receipts before they are deposited in the bank,
- Payroll – the employee causes the practice to issue a payment by making false claims for wages or salary,
- Non-cash – stock is stolen, and/or assets are misappropriated, either before or after being recorded.
PROTECT AND PREVENT
Understanding the signs and symptoms of fraud is critical to protecting your practice and according to Mr. Overton, once understood, they’re not too difficult to observe.
What’s Your Risk?
Mr. Overton says being aware of your organisation’s fraud risks by industry, region, and size will provide you with an insight into the anti-fraud measures to put in place.
“It’s also important to have well documented statistics for your own business, particularly relating to the profitability of goods and product/service sales. By understanding what is normal for your practice and other practices like yours, you can regularly compare your key performance indicators in an effort to find change. If you can’t explain a change in your business reporting, don’t let it pass until you can explain it,” he said.
You also need to regularly monitor and cross check banking records against practice records. “Banking record cannot be altered by employees but practice records can. The incoming and out-going money in the practice software, accounting programs, cheque books, and bank accounts should all be consistent and should match.
“Additionally you need to keep a close eye on merchandise. Optometry practices have valuable stock items that are easily removed. Some stock loss is common, but any missing stock needs to be accounted for.”
Know Your People
“People can end up in a very difficult financial situation and the temptation to use a stream of money right in front of them, sometimes with the intention to pay back, can be too great. Credit cards, drug/ alcohol abuse, and gambling can all create severe financial strain for employees.”
So too can an insatiable desire for luxury. “If you have an employee on $45,000 per annum with a partner who is a factory worker, and they own a race horse or they’re taking six week yachting holidays in the Hayman’s every year, you should pay close attention,” said Mr. Overton.
As we know, people are creatures of habit – they have biases and perceptions that shape what they do – and these can help when it comes to identifying in-house fraud.
“Without realising it, most fraud follows a pattern that can be detected over time. Discrepancies occur in common time frames, with the same regularity, or similar amounts. Nobody steals AU$53.67 – it is usually $50, $100 or similar,” he said.
And over time, the constant fear of being found out can take its toll. “There are a variety of ways in which this stress can show itself, but any change in employee behaviour is worth considering for all sorts of reasons. Possessively hanging on to roles like stock ordering, reluctance to provide reports, and unusual responses to enquiries can be symptoms.”
So too can a refusal to take leave. “The worry about being found out can lead an employee to accumulate leave and show a reluctance to be absent from the workplace. When they do take leave, often the symptoms go away, and profits improve, or stock losses slow.”
GET EXPERT HELP
It takes time and knowledge to sift through the information and to pick up on problems.
Having insurance and specific cover for staff dishonesty can alleviate the financial losses in some circumstances, however like any insurance, you can’t backdate and cover pre-existing conditions if you don’t have the cover from the onset.
Serious human resource matters can be complicated and need to be managed in the right way to avoid problems. If you detect in-house fraud, don’t be tempted to sort it out yourself. You may not be in the right frame of mind to appreciate the full implications and technical requirements for achieving a good result.
- www.incorp.com/help-center/business-articles/ employee-theft-and-fraud-part2
Your Fraud Response Plan
No matter how well you protect yourself from the risk of fraud, it can happen. As a small practice owner, it’s unlikely that you have a security and risk department within your organisation to handle the problem.
To minimise the damage, you need to take action quickly and safely. A fraud response plan for your business can help you do this.
The purpose of your plan is to pre-emptively prepare you for what you need to do in the unfortunate event that you detect suspicious activity. For a small business with limited expertise in fraud, it will act as a living document to assist in recording initial observations and actions taken under specific circumstances as they unfold. This will be particularly useful for staff during times of heightened levels of stress and anxiety.
Your fraud response plan should be user friendly and should include space to record the following:
- Initial observations,
- Initial assessment, and
- Action decided.
It’s also important for this document to advise who in your business is responsible for taking action and making decisions. If a frontline member of staff is recording initial observations, ensure they have a clear and documented instruction detailing who this is – it may be a manager, director, and/or business owner, depending on the size and dynamics of your business. Once a possible fraud is observed, this person should manage the response plan.
Initial observations related to the detection of suspicious activity such as potential suspects, the nature of suspected fraud, notes of conversations, dates, etc should be detailed here. Ensure all information entered is done so promptly, and is signed and dated as best practice.
Businesses that employ a human resources advisor, or who have access to legal advisors, should engage these positions to assist with completing the initial assessment. The purpose of the initial assessment is to determine whether the suspected fraud is considered particularly complex, significant, and/or sensitive, and whether there is potential for financial recovery. It should also be noted at this point whether or not the suspicious activity has ceased and whether there is any risk of the activity continuing or re-commencing.
Once the initial assessment has been completed, your practice will be better placed to determine the most appropriate way to manage the situation.
The section for action decided should include the decisions reached on the next steps to take. Your justification for determining the course of action should be summarised within this section along with recommendations put forward by your HR or legal advisor.
The next steps considered as part of your action decided section may include:
- The implementation of local investigation procedures if your business possesses the internal expertise and resources to successfully do so,
- Engagement of an external workplace investigator specialising in fraud to conduct a rigorous analysis of the suspected activity, and/or
- External reporting of the matter through to the appropriate authority such as the police and/or any regulating entity.
At this stage you should also determine whether it is appropriate to terminate the suspected staff member. In doing so, you will need to consider the risks:
- To your business,
- To the health and safety of your staff members, and
- To the preservation of evidence or the integrity of the investigation process.
In times of heightened stress our actions can very easily become fuelled by our emotions. A best practice approach should be that any action taken against a staff member at any stage of the process must not be considered ‘harsh, unjust, or unreasonable’ under the particular circumstances of the case.
Any outcomes of procedures you implement as part of your fraud response, will impact future proceedings such as the need for disciplinary action, possible recovery action, or prosecution. If you do not have experience in these matters, it is recommended that you consult an advisor.
Time to Face Reality
Unless you have been the victim of fraud, it’s easy to think, “it won’t happen to me”.
Does this belief stem from an arrogance (or ignorance) that we are too savvy to enable another to commit such a crime against us?
Do we (perhaps too generously) trust others with our hard-earned resources and reputations because of our own personal integrity – expecting that others are just like us?
Or have we just become so desensitised to the risk of fraud? Because let’s face it, there’s so much risk in everything that we do, fraud isn’t even on the radar in our triage systems?
Whatever the reason, know that inaction is not doing you or your business any favours. Take the time to get to know your business. Identify areas of exposure and implement relevant fraud controls where you are able to. Know what to do and where to go if fraud rears its head on your turf.
Remember, the best recipe for fraud management is ‘prevent-detect-respond’ with a generous (but healthy) dash of vigilance.
Storm Carnie, CPHR is a human resources professional with a broad range of experience in both public and private sector human resource management. Her commitment and dedication to best-practice HR and procedurally fair workplace investigations ensures successful outcomes for businesses she works with.