An interview with Paul McCormack, fraud investigator and educator:
Paul McCormack, CFE, has 17 years of fraud investigation and detection experience gained in banking, real estate, manufacturing, transportation and insurance. He currently serves as Executive Vice President with Connectics Advisory Services, based in Atlanta, GA. He has also held positions with Innovar Partners, SunTrust Bank, Ernst & Young, Delta Air Lines, PricewaterhouseCoopers, and Putnam Hayes & Bartlett. Throughout his career, Paul has assisted local law enforcement agencies, FBI, DEA, and the Secret Service.
As a fraud investigator and educator, what’s the most common misconception you encounter about employee fraud?
“It won’t happen here. I trust my employees. They would never do that to me.” Ignoring fraud or thinking that it won’t happen in your company is wishful thinking. The business press is full of companies that thought exactly the same way. Many have been forced to close their doors as a direct result of employee fraud.
What is one of the worst cases of employee fraud that you’ve investigated?
I lead an investigation involving allegations of fraud regarding the actions of the CEO, CFO, General Counsel and SVP of sales at a mid-sized company. Almost all of the allegations turned out to be true. The investigation uncovered rampant fraud and abuse including expense fraud, accounts payable fraud, accounts receivable fraud, kickbacks, payroll fraud and financial statement fraud. Each of the executives had turned a blind eye to the fraud being committed by the others. The parent company was so disgusted with the results of the investigation that it closed the company and moved the operations to another state. Three executives were fired, the fourth resigned, and 50 employees lost their jobs. The company declined to notify law enforcement in order to avoid the adverse publicity.
How big is the problem of employee fraud?
The Association of Certified Fraud Examiners (ACFE) estimates that worldwide $2.9 trillion is lost to fraud each year. The median loss to a small business is $155,000. There is also incalculable damage to customer and investor trust.
What are the chances of getting the money back?
Fraud losses are rarely recovered. Fraud schemes last a median of 18 months. During that time, the fraudster is buying things, paying down debt, or sharing your money with their family and friends. They typically don’t deposit the money in the bank and watch it earn interest. Making matters worse, thinly stretched law enforcement is often unable or unwilling to help recover fraud losses. Financial crimes can be extremely complicated and time consuming to investigate. Detectives need to close cases quickly. At the federal level, the bar is even higher. A six-figure loss may be devastating for your organization, but it may barely raise the eyebrow of an FBI agent in a large city. With no connection to organized crime, drugs or terrorism, the case file may be shelved and forgotten. Civil lawsuits won’t get the money back either. Even if entirely successful, amounts recovered will be reduced by professional fees paid to attorneys, forensic accountants, etc.
What trends in fraud are you seeing?
I sometimes open my presentations with this quote from the economist John Kenneth Galbraith: "The man who is admired for the ingenuity of his larceny is almost always rediscovering some earlier form of fraud. The basic forms are all known, have all been practiced. The manners of capitalism improve. The morals may not.”
With that said, cloud computing and Internet banking have helped employees successfully steal proprietary data and funds at an alarming rate. Coupled with lack of employee oversight and you have the proverbial “recipe for disaster”.
So what can businesses do to prevent employee fraud?
First of all, they need to set the tone for honesty and integrity at the top. If executives are viewed by employees as unethical, it makes it far easier for them to justify committing fraud. Further, companies where the executives are morally bankrupt rarely view fraud prevention as a priority. As such the company normally has a very weak internal control framework in place to combat fraud.