A plan to prevent pilfering.
The most effective embezzlement prevention program combines general loss prevention techniques designed for daily operations with specific techniques that prevent losses from employees.
The embezzler. There is no such person as an average embezzler. There is no exact description of how an embezzler looks, acts, or thinks. Experience and statistical information, however, can help to develop an embezzler profile.
Embezzlers are generally profiled in one of two categories: chronic/compulsive or needy. An embezzler generally is a high school graduate; a staff employee, if female; a company officer, if male; a bright, competent, and superior employee; and neat, precise, and attentive to detail. He or she leads a progressively complex life and has worked and continues to work in the same industry and job category.
The individual embezzles to repay increasing debts, not to accumulate wealth, and believes that he or she will never be discovered. The individual does not see himself or herself as a criminal and incorporates lying, cheating, and stealing into every facet of his or her life. This individual has embezzled from his or her last four employers prior to discovery, is rarely criminally prosecuted, does not receive a jail sentence upon conviction, and does not repay the victim or court costs.
Needy embezzlers may have an acute, short-term need for money for a legitimate purpose. They may have knowledge of other employees' embezzlement activity and ask to become temporarily involved in those activities. They may feel the need to retaliate for perceived promotion discrimination or sexual harassment and feel cheated, unrecognized, or unrewarded for their efforts on behalf of the institution. They may also feel there is a lack of promotional opportunity; suffer from minor personality conflicts and related problems; be occasional substance abusers; or possess altered mental and emotional states caused by a dependency on drugs or alcohol.
These individuals may be facing what appears to them to be overwhelming debts, and they fear the loss of reputation and esteem of co-workers. They feel unprepared or uncomfortable in their jobs and perceive a lack of interest and attention by the institution.
In addition to the common characteristics shared by most embezzlers and the more specific characteristics shared by needy embezzlers, chronic/compulsive embezzlers consider themselves to be superior to management and other employees in intellect or ability and think of embezzlement as a game they can win. They may lie, cheat, and steal to either receive a reward or to avoid punishment, and they have a desire to prove how clever they are.
Professional embezzlers generally develop a strategic plan for their activities much the same way the companies they work for do. The strategic plan most frequently used by embezzlers resembles an auditor's review worksheet. It tests the opportunity afforded by the company's policy and procedures on managing its personnel and record keeping. The security manager must not leave vulnerabilities for the would-be embezzler to exploit.
Personnel. Comprehensive written internal control techniques should be established that provide employees with the ability to notify the security officer and auditor of suspicious incidents without fear of reprisal. This information should be included in the employee orientation training program and employee handbook. The internal control policies should also provide for the documentation of all suspicious incidents.
Comprehensive safeguards should also be set up against abuses by officers and directors or other insiders. For example, employees' schedules and work assignments should be rotated at unpredictable intervals.
A code of conduct should be written and shared with all employees and board members. Employees need to be shown where they fit into the company; they need to know what the company stands for and what it will not allow; and they need to be led by example. If the company fails to communicate its response to any of these needs, it is preparing the means for its own destruction. Embezzlers themselves often cite these reasons for the discontentment that led them to commit their crimes.
A code of conduct is an excellent way to communicate with employees and to describe standards of behavior. The company's code of conduct statement can be used to describe an employee's rights and obligations. Employees who believe that they are treated fairly are less likely to become discontented.
Key positions at all levels should be filled by qualified personnel who create the necessary security-conscious atmosphere. Written position descriptions, levels of authority, and reporting routines for all employees should also be provided.
The roles of security officer and auditor should not be shared by one individual. Each role may report directly to the board of directors or an audit committee.
If the company is a corporation, an audit committee should be formed and composed solely of independent directors. The committee should be provided with the necessary guidance, resources, authority, and training to oversee the company's affairs effectively.
All new employees should provide handwriting and fingerprint samples and a current personal photograph. The company should provide notice that it will conduct credit checks on all applicants and that it may conduct credit checks on employees at unspecified intervals during any employee's term of employment. A written security training program should also be developed for employees at all levels within the company.
The company should develop, implement, monitor and periodically update a policy that requires at least two employees to open and close a facility. This policy should also govern the issuance, control, and collection of keys; security and alarm access codes and devices; security procedures for cash; cash-handling facility countdown after an unusual incident; and other security devices maintained as dual control techniques.
Record keeping. Company policy should require an employee to be present when customers sign documents such as signature verification cards, payable instruments, delivery receipts, and credit applications. These documents should include any original materials that may be used in court as evidence, including payroll records and delivery receipts. The removal of original company documents and computer files from the workplace should be prohibited, and copies of critical original documents should be required. The company should also have a policy prohibiting disbursements as a result of the presentation of an authorization letter, rather than the presentation of a check, draft, or an official company document.
The negotiation of payable instruments that have facsimile signatures, are computer-generated, or have stamped markings, where the facsimile signature or stamped markings are printed with what appears to be black ink, should also be monitored. The use or negotiation of any document written with a red ballpoint pen, which is commonly used to commit statement-cycle crimes, should be prohibited. Generally red ballpoint pens create the most highly reflective color. Depending on the type of equipment, lenses of copiers or microfiche machines usually reflect off the red so that when the copy is completed the penned area appears blank or the image that appears is not acceptable by a document examiner to positively identify the writing characteristic. Those who kite checks, for example, prefer to write with red ballpoint pens since copies of these checks do not show the red penned area and are returned to the perpetrator as blank, thus ready to be used again. A process should also be devised to reconcile official checks and wire transfer records.
Policies should address use of or restrictions on issuance of a power of attorney used to open new accounts and to direct disbursements. The company should also address the prohibition of "less cash" deposits to the company's checking or savings accounts, as well as restrictions on the negotiation of any payable instrument or document containing alterations or illegible information.
Employees should photocopy identification and related documents, such as a driver's license or Social Security card, furnished to open a new account, such as payroll accounts, lines of credit, direct-deposit accounts, and securely store the photocopies with the account file. Customers should also be required to furnish copies of appropriate business records when opening an account, and employees should securely store the photocopies with the account file.
Sole proprietorship accounts should be reviewed closely--particularly general contractors, restaurants and bars, and senior citizen personal accounts. Sole proprietorships are notorious for employing one person to handle several account-handling responsibilities without oversight. Dual controls in the bookkeeping department can provide protection against embezzlement. In other words, those preparing the checks should not be signing them. All transactions should undergo checks and balances.
A program should be implemented to monitor all new account activity--particularly employees' accounts--for at least ninety days, and all suspicious or unusual activity should be documented and followed up. This applies to all credit accounts no matter what kind of business is involved.
A company's corporate culture is a significant factor when determining the company's vulnerability to misuse and misappropriation. Corporate culture is an environment influenced by the prevalent morals, ethics, ideals, and standards for behavior as developed, implemented, and demonstrated by management: the company's conscience. By taking a preventive role in designing and implementing strategic loss control procedures, management can focus significant attention on the embezzlement problem.
Shopping for an Anti-Theft Service
EMPLOYEE THEFT IS the leading cause of shrinkage in the retail industry. One tool in the security professional's arsenal to fight this problem is a shopping service. Shopping services are often used to help evaluate the honesty, work performance, salesmanship, or product knowledge of a retail company's employees.
In most states, a private investigation license is required to operate a shopping service. Before selecting a service, the security manager should first determine what licensing is required and which companies have them. The agency in charge of such regulation can provide this information by either supplying a list of licensed agencies or referring the manager to a professional association that supplies a list of local agencies with experience in the shopping venue. The regulating agency differs from state to state. Individuals should call their state's general government information line to determine the appropriate agency to call. Personal referrals from other security professionals are also an excellent tool.
Once the prospective candidates are selected, any agency under consideration should be asked to supply copies of the required license, workers' compensation coverage, liability insurance and bonding certificate, and at least three verifiable references.
The license holder should be interviewed regarding direct experience in the security manager's specific area of need as well as professional certifications and training. The security manager should also visit the shopping service's business office to see if it is a viable operation, properly staffed, and equipped to handle the account.
The following questions should be asked when the prospective contractor is interviewed:
* Do the agents to be used have experience in the security manager's specific business, and if so, how much?
* Can the agents who will service the contract for the company be interviewed?
* Who will supervise the work done to ensure it is done in a professional, timely fashion?
* Does the agency have both male and female operatives and in sufficient number to accomplish the stated goals?
* Have any complaints been lodged against the agency? If so, what was the nature of those complaints and what was the disposition of them? (The Better Business Bureau and the state regulatory agency administering the license can be of help in these areas.)
* Does the agency have sufficient office personnel to produce reports in a timely fashion?
* Can the agency provide a generic sample report to show how reports will be composed for the client? Can the agency include specific details that the client may want incorporated in the reports and, if so, will they be provided in a timely manner?
* Can the agency supply service on short notice, and if so, are there extra charges for such service?
* Will the agency customize a report geared to the company's needs?
* Is a copy of the contract the security manager will sign available to be reviewed by the company's legal department?
* Is a list of fees and charges available? Are there fees for extras, such as report writing, mileage, travel time, expenses, or court and administrative hearings?
This valuable tool is only as good as the people performing the job. Therefore, the security manager must be a wise consumer and select with care. Using this guide should enable him or her to select a quality service suited to company needs.
James P. Muuss, CPP, is general manager of Reliant Protective Services in Tempe, Arizona. He is a member of ASIS.
Dana L. Turner is a partner with Security Education Systems, a research, consulting, and training firm in Palo Cedro, California. He is a member of ASIS. Richard G. Stephenson is a partner with the law firm of Troughton & Soter in San Francisco and is the co-author of The Embezzlement Prevention and Investigation Manual.