A model for prevention and detection of criminal activity impacting small business.

Bressler, Martin S. ; Bressler, Linda A.

ABSTRACT

According to the Federal Bureau of Investigation, the annual cost of business crime activity to the U.S. economy is $652 billion. Additional costs of litigation and security measures suggest the many forms of business crime significantly impact business. While FBI data does not separate small businesses from large corporations, it appears that small business ventures will be susceptible to criminal activity. In fact, the United States Chamber of Commerce reported that business ventures of less than $5 million in sales will be 35 times more likely victims of business crime than larger firms. In addition, 30 percent of small business failures resulted from internal crime and employee dishonesty (U.S. Chamber of Commerce, 1995).

This paper examines the extent of criminal activity affecting small business and nonprofit organizations and provides a three-stage model managers can use to prevent, detect, and remedy criminal activity.

INTRODUCTION

Data suggests significant criminal activity in business ventures. Despite improvements in management and auditing procedures, Accounting Information Systems (AIS) software, and advanced computer technology, criminal activity continues to impact businesses at an alarming rate.

Computerization of small business ventures may actually contribute to increased criminal activity. According to the U.S. Small Business Administration, more than $100 million in losses annually can be contributed to computer fraud (U.S. Small Business Administration, 2000). In 1995, the United States Chamber of Commerce reported the impact of theft and other crimes on small businesses accounted for 30 percent of small business failures (Holt, 1993). In addition, these criminal activities cost consumers up to 15 percent of total pricing for goods and services (Holt, 1993). The University of Florida conducted a study in 1994 (Donnelly, 1994) and found 42.1 percent of inventory shrinkage could be directly attributed to employee theft and poor record-keeping and shoplifting accounting for an additional 32.4 percent.

Forensic accounting articles often focus on large corporations, rather than small business ventures as the financial impact tends to be greater. However, business ventures of all sizes can be potential targets for crimes including money laundering, intellectual property theft, and embezzlement. According to data from the Federal Bureau of Investigation during 1994-2002, the number of intellectual property theft cases increased 26 percent. Small business ventures are not immune to money laundering as monies may be channeled through the business from an employee or third party. FBI data indicates money laundering offenses will often be coupled with additional felonies such as embezzlement, fraud, or drug trafficking.

Fraud may affect other individuals and businesses in addition to the direct victim. For example, fraud resulting from substance abuse increases law enforcement costs. Other agencies and organizations may be affected as well, including costs associated with drug prevention and rehabilitation, crime prevention and court costs. Other businesses and insurance companies may also be affected as well.

Fraud and other criminal activity cannot be confined to the corporate world. Larimer (2006) finds that although businesses across the United States lose more than $652 billion to embezzlement and fraud every year, nonprofits and small businesses may actually lose the most. A 2006 report by the Association of Fraud Examiners reports that while the average loss for employee fraud amounted to $159,000 in 2005, the average loss for businesses with less than 100 employees is found to be actually higher--$190,000 (cited in Larimer, 2006).

Additional crimes under the fraud category include identity theft, collusion, corporate fraud, embezzlement, and use of tax haven countries for illegal activities. Some of these crimes may be more common to large corporations, however, due to increased knowledge and use of high technology, specialized auditor training should be initiated and in many cases staff auditors should be trained as forensic accountants (Manning, 2005; Ramaswamy, 2005). Tom Golden, PricewaterhouseCooper's Midwest investigation manager stated that the need for trained forensic accountants has increased significantly because of recent corporate scandals and media attention (Wells, 2003).

A 1996 study by the U.S. Small Business Administration of 400 small businesses in the six-state area of Michigan, Ohio, Indiana, Illinois, Wisconsin, and Minnesota found 13 percent of businesses experienced at least one crime within the last year. Perpetrators included customer theft, vandals, and burglaries, in addition to employee theft. Many crimes went unreported, and more than half of small businesses did not employ even one protective security measure such as outside lighting, alarm systems, or security cameras (The Small Business Research Summary ISSN 1076-8904).

News articles suggest that fraud activity results in an almost daily event (Gullapalli, 2004). Scandals at WorldCom and Enron devastated employees and investors who relied upon auditors and management (Off to jail, 2005; Schickel, 2005). The importance of auditors being trained to detect fraud methods and in accounting information systems can be noted in New York (Accounting Department Management Report, 2005).

Marten and Edwards (2005) developed the fraud triangle concept involving three elements including pressure or incentive to commit fraud, opportunity, and rationalization. Background and reference checks can be used to minimize the effects of incentive and rationalization while opportunity can be limited through other controls such as authorizations, key control, and surveillance cameras. Prevention can be money well-spent, as Kuratko et al (2000) found small businesses spending on average $7,805 on crime prevention. While this may seem like a significant amount of money, the average loss of $190,000 will be nearly 25 times the cost.

FINANCIAL FRAUD

In a recent audit of HealthSouth Corporation, PriceWaterhouseCoopers found inaccurate revenue and expense reporting and improper accounting of business activities which resulted in fraud charges (Weld, Bergevin & Magrath, 2004). These improper activities were uncovered by forensic accountants through the use of spreadsheet software to conduct statistical and database analysis. Detailed financial auditing required forensic accountants to thoroughly understand the AIS system to analyze receivables and uncover a connection between cash flow and financial performance measures (Bodnar, 2004; Buckhoff, 2004).

Understanding the elements of fraud can be important for forensic accountants (Buckhoff, 2004). Wolfe and Hermanson (2004) developed the fraud diamond model. This model provides different ways to consider fraud risks which include capability, opportunity, rationalization, and incentive. The authors warned fraud examiners not to underestimate perpetrators as they might take advantage of internal control weaknesses. The authors emphasized the importance of auditor's complete understanding the AIS system. This will be particularly important because small businesses likely use the least inexpensive AIS or spreadsheet software available (Bruckoff, & Kramer, 2005; Derby, 2003; Williams, 1997). Forensic accountants would find a thorough understanding of AIS especially important when conducting a fraud investigation and seeking to determine which employees capable of bypassing and/or removing red flags from the AIS system (Kranacher & Stern, 2004; Weber, 1999).

Background Checks

Although it might seem elementary, background reference checks may be one of the most significant preventive measures a company or organization can take to reduce the likelihood of becoming a victim of employee crime. Sometimes, job applicants misrepresent their education or experience. Recently a company preparing to hire a new financial director found that the applicant background check revealed he had neither an MBA degree nor the experience he stated (Business Week).

Small companies and nonprofits may be reluctant to use background and reference checks due to the cost and time involved. One study reported that 30 percent of the workforce actually plans to steal from their employers and an additional 30 percent might, on occasion, also be tempted to steal from their employers (Hogsett & Radig, cited in Kuratko, et al). Together, some 60% of the workforce potentially fuels the internal crime problem.

Cyber-Crime Activity

The rate of cyber-crime increases as companies expand computer systems and Internet business activities. According to a 2000 study by the Computer Security Institute, 85 percent of respondents suffered a computer security breach in the previous year (Computer Crime Losses Controller's Report). While the Internet is rapidly becoming the most common point of attack (70%), a significant portion of activity is occurring through accessing computer systems on-site (Computer Crime Losses Controller's Report).

One study by the Computer Research Institute found the greatest financial loss to business security systems due to virus attacks (The CPA Journal). The most significant financial losses can be attributed to unauthorized access to information, particularly proprietary information (The CPA Journal).

Payroll Fraud

According to the Association of Certified Fraud Examiners (AFCE), 39 percent of fraud activity occurs in business with less than 99 employees (Bank Technology News). AFCE warned that small businesses will be particularly susceptible to payroll fraud. One red flag to watch for would be unusual spikes in the number or size of checks written (Bank Technology News).

Wells (2001) provides several examples of how employees use access to payroll as a means to defraud a company. Some of the criminal techniques include setting up payroll for ghost employees, falsified wages, and commission schemes. Wells (2001) further cited an example of an accounting employee who within months embezzled more than $200,000 as she was the only employee responsible for those accounts.

Forensic Accountant Understanding of AIS & Audit Procedures

Forensic accountants need to be knowledgeable of Accounting Information Systems, the necessary software audit tools, and the AIS software. The importance of audit tools training can be noted in an article by Jackson (2004) which he considered as a necessity for successful forensic accounting. The article cites an example of a faculty member at Boston College, who developed an AIS audit program that triggered additional audit related systems. In addition, the article provided the reader with suggestions for training the forensic accounting staff.

The Association of Fraud Examiners reported some interesting data that might shed light on why fraud is prevalent among small businesses (Colorado Springs Business Journal). First, only 20 percent of internal audit departments conduct surprise audits. Second, less than 10 percent of small businesses possessed anonymous fraud reporting procedures. The AFE reported that businesses not utilizing anonymous reporting procedures suffered losses twice as high as those businesses with anonymous fraud reporting procedures. Larimer (2006) reports that only 30% of fraud cases in small businesses and nonprofits will be prosecuted.

Criminal Activity Investigation

Larger companies note a distinct advantage in criminal activity investigation as they possess resources necessary to carry out investigations. Although smaller companies and nonprofits may not possess an internal audit team, sophisticated technology, computer software, and funding for external audit teams, the cost of employee crime would make it necessary to take extra measures to prevent employee crime. In addition, as nonprofits may be more significantly affected by criminal activities, money spent for prevention and recovery helps insure donor confidence in nonprofit management capability.

Numerous cases exist where nonprofits are victims of employee embezzlement. In California, a church financial manager embezzled more than $800,000 within a year's time (Larimer, 2006). Another cited example refers to the Cheyenne Mountain Zoo, where the financial controller embezzled more than $200,000 (Colorado Springs Business Journal). In each of these cases, fellow employees noted the embezzler living beyond their means which can be a fraud red flag (Silvertone & Sheetz, 2007).

Engagements relating to criminal matters typically arise in the aftermath of fraud. They frequently involve the assessment of accounting systems and accounts presentation--in essence assessing if the numbers reflect reality. Forensic accountants utilize an understanding of business information and financial reporting systems, accounting and auditing standards and procedures, evidence gathering and investigative techniques, and litigation processes and procedures to perform their work. Forensic accountants also increasingly play more proactive risk reduction roles by designing and performing extended procedures as part of the statutory audit, acting as advisors to audit committees, and assisting in investment analyst research (http://en.wikipedia.org/wiki/Forensic_accounting).

Non-Profits as Targets

Non-profits would be especially vulnerable to crimes such as embezzlement as they tend to be too trusting of their membership and lack the typical control procedures more commonly found in businesses. Numerous cases reported in the news suggest that no non-profit will be safe from potential embezzlers. Reports indicate that in many cases the embezzlers found themselves under financial pressure as a result of difficult financial situations, gambling, or other addictive behaviors (The Georgia Bulletin). Two cases of embezzlement in the Milwaukee area, $310,000 and another more than $500,000, could be found fueling the gambling addictions of church volunteers (The Georgia Bulletin).

Researchers at Villanova University surveyed Roman Catholic dioceses across the United States to determine the extent of embezzlement activity affecting the church. Of those dioceses that responded, 85 percent reported cases of embezzlement within the last five years and 11 percent reported cases involving theft of $500,000 or more (The Kansas City Star). Orrick (2006) reports that one couple, who worked for a suburban sports league stole thousands of dollars before being caught. If the league conducted background and credit checks they would have found the couple had filed for bankruptcy protection with $216,580 in debt, primarily from medical bills (Orrick, 2006). Another example includes a hockey coach who embezzled $77,000 from the hockey league to help pay gambling debts (Orrick, 2006).

Third-Party Service Providers

Although a common control procedure could be to hire third-party service providers, particularly for payroll and accounting services, providers may commit crimes against your business, including embezzlement, money laundering, and fraud. In South Bend, Indiana, (Draeger, 2005) reports that a tax preparer not only stole money from one of his client's bank accounts to use money to pay his own debts, he was charged with embezzling $13,000 from the local Baptist church where he is a member.

PREVENTION

The first place businesses should start would be to develop sufficient prevention techniques that can deter the occasional person who might be tempted to steal. These methods include employee background, credit, and reference checks. As many embezzlers will steal in order to pay debts or to subsidize addictions, credit checks may be useful method to screen out applicants prior to hiring. Similarly, substance abuse testing might reveal applicants who could potentially steal in order to pay for drugs. One study even noted that employee theft increases just after the holidays when the impact of debt purchasing begins to sink in. Wells (2003) cites a 2002 Association of Certified Fraud Examiners study that indicates as much as 7 percent of the workforce exhibit a history of workplace theft and fraud.

Proper authorization procedures may also reduce the incidence of employee embezzlement. This also includes training authorizers to carefully scrutinize checks and payments, even when presented by trusted, long-term employees. Key control reduces the number of persons to access of cash, checks, equipment, and inventory.

Prevention measures may also protect the business from outside criminal activity. Procedures as basic as adequate facilities lighting can reduce crime. Security guards, alarm systems, surveillance cameras, and checking identification may also be good prevention methods. Remember to protect your computer system with firewalls and only utilize secure Internet payment sites. When customers pay for products and services use a check authorization service and check customer identification for both check and credit card usage.

DETECTION

In the likely event that prevention procedures will not able to eliminate all potential criminal activity, businesses should also utilize crime detection procedures. Many of these procedures are also relatively simple and inexpensive for the business owner including frequently checking/reconciling bank statements and conducting unscheduled audits. Business owners should also invest in accounting information systems software that provides the user with red flag indicators where there may be potential problem areas. In addition, using inside and outside auditors serves as a check and balance system to reduce the potential for payroll and other forms of accounting fraud.

One of the typical indicators of embezzlement is a significant change in an employee's lifestyle whereby the employee purchases items that would not be consistent with his or her salary level. A recent example involved a California church, where the financial manager purchased an $80,000 diamond. When the appraisal certificate was inadvertently mailed to the church, officials became suspicious (Colorado Springs Business Journal). In another case, (Orrick, 2007) investigators found an embezzling couple who purchased an expensive diamond ring and a $28,000 boat. Police investigators may be especially useful for small businesses and nonprofits as they are experienced in these matters and often possess special training.

According to Yormark, (2004) Sarbanes-Oxley legislation includes provisions that provide employees with additional whistleblower protection. This may encourage employees to speak out when they observe irregularities that might result in new additional fraud investigations. Outsourcing through audit firms or through investigative agencies for more experienced staff members is almost a necessity for smaller firms and nonprofits.

Wells (2003) found that fraud examiners generally possess certain personality traits that include perseverance, aggressiveness rather than shyness, and skilled working with numbers. Upon forming the fraud investigation team, goals should be determined prior to conducting the investigation including the importance of acquisition and properly maintaining evidence (Wells, 2005). It will often be necessary that the forensic accountants gather enough information to support fraud or embezzlement activity (Manning, 2005).

The Role of Forensic Accountants

Forensic accountants must understand and follow the Federal Rules of Evidence-Rule 702 (Craig & Reddy, 2004; Manning, 2005; Rasmussen & Leauanae, 2004; Shmukler, 2005; Wells, 2003; Wells, 2005). Rasmussen and Leauanae (2004) find areas of expertise necessary for forensic accountants in investigative accounting include intangible and business asset valuation and skills in economic loss calculation.

In addition, the authors suggest forensic accountants should possess an advanced or graduate degree. Today's business complexity and rapidly-changing technology, particularly accounting information systems and audit procedures for conducting fraud investigations, suggests forensic accountants should also be professionally certified. Professional certifications include Certified Fraud Examiner (CFE), Certified Internal Auditor (CIA), and Certified Public Accountant (CPA). An additional certification the investigator might consider is the Certified Insolvency and Restructuring Advisor (CIRA) designation. In addition to the specialized knowledge of a designated certified professional, another advantage to the professional designation is added credibility to the expert witness testimony in court. Bressler and Bressler (2006) report that small business owners rely on the advice of business counselors or consultants in selecting AIS software. Forensic accountants may provide this consultant role in selecting AIS software that provides red flag notices to the business owner of potential fraud activity.

REMEDIES

One of the most important remedies will be to contact the police and prosecute the offenders. Unfortunately, some small businesses and more often nonprofits can fail to do so. In the case of the nonprofits, the offender is often a respected and well-liked individual. This may send the wrong message, and donors may consider a nonprofit less credible as they cannot properly manage their finances. Courts may also be able to require the offender pay restitution.

The role of forensic accountants is critical at the remedy stage, as they are the expert witnesses the prosecution calls upon to provide testimony how the offender stole from the company or organization. As witness testimony will most likely be challenged in court, forensic accountants must be trained in audit investigation techniques, possess appropriate professional certifications, and be prepared to present detailed evidence that will hold up under cross-examination.

The final remedy is insurance. However, many small businesses are uninsured or underinsured when criminal activity occurs. According to a 2002 study by the National Federation of Independent Business, 15% of small business owners do not purchase business insurance at all (National Federation of Independent Business). Those who do are more likely to carry coverage for property damage, worker's compensation, and premise liability, only 34% carry business interruption insurance (National Federation of Independent Business).

Some of the types of insurance recommended by the U.S. Small Business Administration include general liability insurance, product liability, home-based business insurance, Internet business insurance, worker's compensation insurance, criminal insurance, business interruption insurance, key person insurance, and malpractice insurance (U.S. Small Business Administration, Small Business Planner).

[GRAPHIC OMITTED]

IMPLICATIONS

Results of this study provide important implications both for academics as well as business owners. For academics, there will be ample opportunity to further explore awareness levels of business owners regarding criminal activity and prevention methods, especially those criminal activities that are computer or Internet based. In addition, research might provide interesting case analyses in fraud prevention and detection that could be applied in other businesses.

This research also provides some important implications for small business owners and nonprofit organizations. Costs and rising insurance premiums are cited as a major factor for small businesses not purchasing business insurance (National Federation of Independent Business). For business owners, insurance and prevention cost may not be as significant when compared to potential costs of criminal activity. In addition, business owners and nonprofits might need to re-think trust levels in employees and volunteers. In the case of many nonprofits, embezzlers worked with the organization for fifteen or more years and had established a high level of trust. At the very least, organizations may need to follow sound business procedures to safeguard assets and in addition, become more observant of employee/volunteer behavior.

CONCLUSION

As can be noted in the above model, businesses and nonprofits are able to develop many prevention techniques to limit their exposure to criminal activity (Albrecht et al (2006). Prevention, however, does not prevent every occurrence of criminal activity. Prevention must be coupled with an on-going series of detection capabilities to minimize crime impact. Finally, nonprofits and small businesses will often be uninsured or under-insured. Adequate insurance may safeguard small businesses from becoming one of the estimated 30% of small business that fail due to criminal activity.

REFERENCES

Albrecht, W.S., Albrecht, C.C., & Albrecht, C.O. (2006). Fraud Examination 2e. Mason: Thompson Southwestern Publishers.

Bodnar, G. H., & Hopwood, (2004). Accounting Information Systems. (9th Ed.). Upper Saddle River: Prentice-Hall.

Bressler, L., & Bressler, M. (June, 2006). A study of accounting information systems utilization by small business. Strategic Finance, 87 (12), 57-60.

Buckhoff, T.A. (2004). Cash: The favorite target of fraudsters. CPA Journal, 7, 63.

Computer Crime and Security Survey. (2001, July). Computer Crime Losses. Controller's Report, Issue 7, P. 11.

Craig, R., & Reddy, P. (2004). Assessments of the expert evidence of accountants. Australian Accounting Review, 14, 73-81.

Draeger, C. (2005, August 24). Marcellus village president in Jail; Fisk surrenders to federal officials a day after being called a fugitive. South Bend Tribune, P.1.

Gambling addiction sometimes fuels church embezzlement cases. (2004, January 16). The Georgia Bulletin, P.1.

Gullapalli, D. (2004, September 14). Andersen Survivors at Houston aim to benefit from scandals. The Wall Street Journal, p. C1.

Kranacher, M., & Stern, L. (2004). Enhancing fraud detection through education. CPA Journal, 4, 66-68.

Manning, G.A. (2005). Financial Investigation and Forensic Accounting. Boca Raton: Taylor & Francis Group.

Larimer, R. (2006, October 13). American businesses lose nearly $652 billion to fraud and embezzlement each year. Colorado Springs Business Journal.

National Federation of Independent Business. (2002). Business Insurance (NFIB National Small Business Poll, Volume 2, Issue 7).

Off to jail. (6/25/2005). Economist, 375, 61-62. Orrick, D. (2007, January 15). Stung by Swindles. Pioneer Press.

Ramaswamy, V. (2005). Corporate governance and the forensic accountant. The CPA Journal, 75, 68-71.

Rasmussen, D.G., & Leauanae, J.L (2004). Expert witness qualifications and selection. Journal of financial Crime, 12, 265-172.

Ryan, M. (2005, October). An Overview of Financial Vulnerabilities at the Parish Level. New Oxford Review, Volume 72, Issue 9, Pgs. 25-31.

Schickel, R. (6/20/2005). How Enron's big shots got into trouble. Time, 165, 62.

Shmukler, E. (2005, February 1). Executives on trial: Scrushy team cross-examines forensic accounting witness. The Wall Street Journal, p. C4.

Silverstone, H., & Sheetz, M. (2007). Forensic Accounting and Fraud Investigation for Non-Experts 2e. Hoboken: John Wiley & Sons, Inc.

Small Business Planner. (2007). Get Insurance. U.S. Small Business Administration, http://www.sba.gov/smallbusinessplanner/manage/ getinsurance/SERV_INSURANCE.html

Survey Finds Rampant Church Embezzlement. (2007, January 5). The Kansas City Star, P. A7.

U.S. Small Business Administration. (1997). Small Business, Big Burdens: The Nature and Incidence of Crime Within and Against Small Business and Its Customers and Employees, Their Causes, Their effects, and Their Prevention (SBA research Summary No. 176). Washington, DC: Office of Advocacy, U.S. Small Business Administration.

Weber, R. (1999). Information Systems Control and Audit. Upper Saddle River: Prentice-Hall.

Weld, L. G., Bergevin, P.M., & Magrath, L. (2004). Anatomy of a financial fraud. The CPA Journal 74, 44-50.

Wells, J. (2001). Enemies Within. Journal of Accountancy, 91, 31-34.

Wells, J. (2003). The fraud examiners. Journal of Accountancy, 196, 76.

Wells, J. (March, 2003). Protect Small Business. Journal of Accountancy, 26, 26-32.

Wells, J. (2005). When you suspect fraud. Journal of Accountancy, 199, 82-85.

Yormark, K. (2004). Making the most of an internal investigation. Journal of Investment Compliance, 5, 64-67.

Common Employee Crimes

* Theft ("skimming") of cash

* Theft of inventory-merchandise or equipment

* Writing company checks

* Falsifying revenue reports

* Processing fraudulent invoices

* Customer identity theft

* Money laundering

* Intellectual property theft

* Credit card fraud

* Overstated expense reports

* Payroll fraud (Albrecht et al, 2006)

Martin S. Bressler, Houston Baptist University

Linda A. Bressler, University of Houston-Downtown