The thief at the next desk

The thief at the next desk
The thief at the next desk 

By Cheryl Hall
The Dallas Morning News
April 1, 2007

If you want to keep your business from being a victim of fraud, it helps 
to think like a crook.

And if you aren't worried because you trust everyone you work with, 
think again.

Those words of experience come from Jeff Matthews, forensic and 
investigative services director at Grant Thornton LLP in Dallas.

And there's one thing more. "If you want to know what a fraudster looks 
like," he says, "look to the person on your right, then to the one on 
your left, and it will look like the person in the middle. White-collar 
criminals look like you and me."

These days, Mr. Matthew is a busy guy thanks to Enron Corp., WorldCom 
Inc. and the like.

"It's been an amazing ride for the past three years," says the 
33-year-old certified fraud examiner, who's helped build Grant 
Thornton's forensic practice from just him in 2004 to 14 accountants.

"We're seeing more fraud come to light. That doesn't necessarily mean 
there's more or less fraud than before Sarbanes-Oxley. It's just that 
more people are required to look for it."

Mr. Matthews, who earned his accounting degree at the University of 
Louisiana at Monroe in 1995, received his "master's" in forensics as a 
23-year-old investigating political corruption in Louisiana for the 
state's legislative auditor's office.

"We had plenty to do," he says. "It's been an interesting transition for 
my career from investigating political corruption to working with 
companies to keep fraud from happening."

Stronger focus

While the financial aspects of Sarbanes-Oxley have grabbed headlines, 
C-level execs and audit committees are realizing an underlying 
obligation: They must ferret out foxes in the henhouse.

Financial statements have to be certified as correct and that any fraud 
and misconduct by management has been disclosed. Further, audit 
committees must investigate allegations of misconduct brought to their 

"You have more sanctions and structure," Mr. Matthews says. "They 
realize they have real obligations to investigate things."

Kevin Mann, director of business conduct and compliance at Lennox 
International Inc., agrees.

"With Sarbanes-Oxley, there's much more pressure to put these systems in 
place. A lot of resources got thrown into this. It was like throwing 
spaghetti against the wall," he says. "Now companies are starting to 
focus on some of the real dangers."

Starting small

And fraud isn't just a worry for the big guys.

The Association of Certified Fraud Examiners estimates that, on average, 
every business in America loses 5 percent of its annual income to 
employees illegally lining their pockets.

"Every company has been baited," Mr. Matthews says, using a fishing 
analogy for a financial vulnerability that an employee or vendor may 
have spotted.

"The cork bobs a little bit before it goes under. Fraud usually starts 
small, with just a few nibbles. Then they take the bait, and the scam 
really starts."

The case that sticks out most in Mr. Matthews' mind started with $6.08 
every two weeks taken by the controller of an oil and gas company.

Over the course of four years, this employee of 20-plus years ramped up 
his pillaging to $300,000 and $400,000 a swipe, with a total take of $7 

Why did he do it? He enjoyed the high life.

When the company finally took notice and went after him, it recovered 
six automobiles and two homes worth roughly half what he stole. He went 
to jail, and the company survived.

"It wasn't the size of the loss. It was such a breach of trust," says 
Mr. Matthews. "The intangible damage that it wreaked upon that company 
was devastating. They trusted him with the keys to the mansion, and he 
looted the place."

There are heartbreaking cases in which people commit fraud because they 
need money for a dying relative or a sick child, Mr. Matthew says. "It 
wasn't a game or for personal gain. Those are tough cases to 

Getting the accountants

But Mr. Matthews relishes cases that involve accountants.

"They document their fraud to the decimal point," he says. "The easiest 
way to get an accountant to confess is to accuse him of taking a little 
more than he took.

"You can say, 'Mr. Accountant, we have proof that you took $5 million.' 
And he'll respond, 'Absolutely not, I took only $4.8 million, and I've 
got records that show it.' "

Many companies make themselves vulnerable because they don't adhere to 
the rules they've put in place. Both Mr. Matthews and Mr. Mann find that 

"Many anti-fraud controls are manual in nature," says Mr. Matthews, 
giving examples such as getting dual signatures on checks or having a 
supervisor approve purchase orders. To save time and cut hassles, 
executives sometimes pre-sign checks or use a rubber stamp.

"It's like latches on your cabinets when you're babyproofing," Mr. 
Matthews says. "They work wonderfully when they're applied 
appropriately. But if they're lying on your counter because they're a 
pain to get undone, they're totally ineffective."

Mr. Mann says Lennox aims for an atmosphere that deals openly with fraud 
and misconduct and the consequences.

"You want to create a culture where people aren't afraid to talk about 
it," he says. "Fraud exists in every company. There are always going to 
be employees, contractors or vendors who try to take advantage of the 

"So you try to build in good controls and an awareness of how people 
might try to do this."

Have trust

And managers need to have trust, not faith, Mr. Mann says.

Take expense accounts, for example. "Faith is when you don't ask for 
documentation because you assume people are following the rules. Trust 
is when you're not afraid to ask."

Prevention Starts With Questions

What questions should executives and business owners ask themselves to 
detect, prevent and deter fraud and misconduct in their companies?

Jeff Matthews, forensic and investigative services director of Grant 
Thornton LLP, suggests the following:

* If you were to commit misdeeds against your company, how would you do 
  it? How would you get around measures that are in place? Ask senior 
  managers the same questions. "An honest employee will tell you where 
  the weaknesses are and what needs to be tightened."

* For C-level executives at publicly held companies: Would your 
  employees say they are under undue pressures to meet analyst 
  expectations or earnings forecasts? Would they think those 
  expectations are reasonable and realistic?

"Fear of failure may be so excessive that they'll skirt rules or play in 
the gray areas to get ahead just a little bit," Mr. Matthews says.

* How much fraud is inevitable or acceptable in your organization? 
  Again, the executives' answers should be compared with midlevel 

"The CEO or CFO may feel that that no level of fraud is tolerable," says 
Mr. Matthews. "But when you get down to where the rubber meets the road 
in the organization, they may have a different perspective."

* How confident are you that you would discover fraud within your 

"Then flip that around and ask midlevel managers how comfortable are 
they that if they brought fraud or misconduct to senior management's 
attention, that it would be dealt with swiftly and appropriately."

Visit the InfoSec News Security Bookstore 

Site design & layout copyright © 1986-2014 CodeGods