A recent post explained how an employee exploited internal control weaknesses, specifically a failure to segregate duties, to commit payroll fraud. In 2023 BCSC 892 (“BCSC 892”), a payroll supervisor stole over $1.9M through 885 instances over 6 years. That case called to mind a few other internal control issues beyond segregation of duties and this post covers a few of them. Read more below on the relationship between payroll fraud, and harassment or overwork, among other internal control issues.
In BCSC 892, the judge said the employee failed to advance any reasonable defence to the employer’s allegations of fraud. The employee did not deny taking the money. Instead, she alleged that the workplace was toxic and she had been generally mistreated, sexually harassed, and overworked.
To the casual observer, this so-called defence seems unrelated to the crux of the matter—she stole; what does any of that have to do with anything? At law, maybe nothing; considering the psychology of fraud, everything. Subscribers to the PolicyPro Finance and Accounting database will recognize a vital element of the fraud triangle described in SPP GV 6.05 – Fraud. In the psychology of fraud, the employee’s defence is known as the rationalization.
So, what is the fraud triangle?
The fraud triangle is a fraud prevention and detection model that identifies three essential components for fraud to exist: opportunity, pressure, and rationalization. You can analogize the fraud triangle to the classic modus operandi (MO) of means, motive, and opportunity in police dramas. The first essential component for fraud is an opportunity or the right conditions. Here, the employee had free reign to defraud and conceal it because there was no segregation of duties or other preventive or detective controls. In other words, she had the opportunity or the means to defraud because the lack of controls created conditions conducive to fraud.
Second, there needs to be a motive, which is a pressure or the “why” the fraudster engages in fraud. In BCSC 892, funding a gambling habit is part of the motive. Pressures can include addictions, financial difficulties, or a desire to live a lavish lifestyle. This last pressure is why one of the red flags of fraud is employees who appear to be living well above their means based on their pay and life circumstances.
The third element of the fraud triangle is the rationalization. The rationalization is how the fraudster explains or justifies their actions so that they seem acceptable to others and to their moral compass. In this case, the fraudster’s defence could suggest that she felt entitled to take the money as compensation for the toxic environment, harassment, and overwork that she alleged. Employers have to be mindful of feelings of dissatisfaction about pay or working conditions because beyond poor morale, they can have consequences for fraud and error.
The employee’s payroll fraud triangle and modus operandi included weak controls (opportunity, means), addiction (motive, pressure), and dissatisfaction with the work environment (rationalization, motive).
The employee was a trusted and long-term employee. During her 17-year tenure she was promoted from payroll coordinator to payroll supervisor. Ironically, the trust and the institutional knowledge she accumulated made her well-placed to commit payroll fraud. Means or opportunity is a critical part of the fraud triangle. Trusted employees have inherent opportunities to defraud. Don’t make it easier for them to do so, by relaxing internal controls or allowing them to override internal controls.
The fraud triangle is imperfect; fraudsters will display anomalous behaviour patterns. However, understanding the elements of the triangle will help immensely in designing preventive and detective controls.
Speaking of which, BCSC 892 illustrates the primacy of preventive controls over detective controls. It is easier to prevent the horse from bolting than to stop a horse that has already fled the gates.
By the time the employer discovered the fraud and got a freezing order to prevent the employee from using or disposing of her cash and other assets and compel her to report all her assets, it was too late. By the time of the judgement, the employee alleged that she was broke, partly because of her online gambling addiction and ill health. She also breached the freezing order by failing to report assets and continuing to spend money on living expenses despite the freezing order. These circumstances made recovery of the stolen funds unlikely. This is why preventive controls are more effective than detective internal controls. Preventive controls, for example, segregation of duties, prevent fraud or errors from occurring. Detective controls, for example, audits and reviews, reveal or uncover frauds and other breakdowns in internal controls that have already happened. A few preventive controls might have saved the employer $1.9M and the time, expense, and intangible cost of a court action.
And by the way, BCSC 892 is an indirect endorsement of mandatory, unplugged or disconnect from work vacations. The fraud came to light after the employee resigned and the employer could not reconcile payroll-related discrepancies. We do not know all the facts of BCSC 892, but frauds often come to light when the perpetrator is absent because of leaves or separation of employment and cannot manipulate accounting records to conceal their fraud. Oftentimes, it is a backup colleague who uncovers the fraud. An effective and often overlooked control is to make it mandatory for employees to take vacations and actually leave their tasks to a backup instead of working while on vacation. The time off should be long enough to span the processing cycle so that the backup has the opportunity to discover the fraud.
Meeting your duty of care
Understand the psychology of fraud, segregate duties, and implement other preventive internal controls. See Chapter 6 – Internal Controls, including SPP GV 6.05 – Fraud, and other policies in the PolicyPro Finance and Accounting database.
Policies and procedures are essential, but the work required to create and maintain them can seem daunting. The Finance and Accounting, Operations and Marketing, Not-for-Profit, and Information Technology databases in PolicyPro, co-marketed by First Reference and Chartered Professional Accountants Canada (CPA Canada), contain sample policies, procedures, checklists and other tools, plus authoritative commentary to save you time and effort in establishing and updating your internal controls and policies. Not a subscriber? Request free 30–day trials of Finance and Accounting, Not-for-Profit, Operations and Marketing, and Information Technology databases in PolicyPro here.
- Improve order processing to avoid downstream problems - April 3, 2024
- Overdue accounts finance your customers’ businesses - March 6, 2024
- Gift acceptance: Sometimes a gift costs more than it is worth - February 7, 2024
Leave a Reply