by Gregory S. Dowell August 24, 2017 We often have noted the results of the fraud studies that have been performed by the Committee of Sponsoring Organizations of the Treadway Commission (“COSO”), which is co-sponsored by the Academy of Certified Fraud Examiners (“ACFE”). Those studies consistently have pointed out a few interesting results:  Small business is more susceptible to loss from fraud. The perpetrator is almost always a trusted employee. The average dollar-amount loss from fraud is significant, and can be detrimental to the life of an entity. Despite these consistent results, we have noted as CPAs and advisors that many businesses still feel like they are bullet-proof from fraud. Even though fraud studies show us conclusively that fraud tends to be committed by the employee who is viewed as beyond suspicion, the most trustworthy, and the most committed to the organization, time and time again we have business owners tell us that their trustworthy, committed employee would never do such a thing. We remind those business owners that exactly the same thing was said about those poor employers who were defrauded by their loyal employee. What far too many business owners (I’m using the term “business owners” broadly, as this applies to charities and governments as well) fail to realize is that putting in good internal controls, and then spending some time checking on adherence to those controls, is fundamental to running a business in a sound and responsible manner. No employee, who is motivated by good intentions and the employer’s best interests, will have a serious objection to being submitted to internal controls. In fact, an employee who vehemently objects is a sign that something may be amiss. Good controls and processes, when put into place, become part of a business’ culture. Those controls raise every employee and stakeholder’s respect for doing things properly and in a transparent manner. Those good controls will pay for themselves many times over in the life of the business, by preventing fraud, by presenting opportunity (think of how pleased a banker with money to lend would be to understand that a business takes control seriously), and by resulting in a higher valuation. Yes, potential buyers will be impressed by the processes in place, will place more reliability on the financial statements, and will ultimately place a higher value on a business that has good controls. While the fraud studies by COSO are the most widely-publicized, multiple studies done by a number of organizations report these same results. In a recent article by Rachel Layne for MoneyWatch titled “Your company’s biggest thief might be the most loyal-seeming employee”, she cites a study by the insurance firm Hiscox, and the results from the previous COSO studies are again confirmed. As noted by Ms. Layne, the study reports that most thefts extend over long periods of time – think in terms of years – and may include smaller amounts of thievery over and over and over again. The study shows that 29% of employee thefts took place over more than 5 years (37% for those in the financial services industry). Vendor losses are the largest – think of an employee who sets up a fraudulent vendor in the employer’s system, and then systematically pays them over months and years. This study found that the average theft stretching over 5 years or more was $2.2 million. In declining order, the largest frauds occurred in financial services, government, manufacturing, real estate, labor unions, and “other services”. All of these fraud studies consistently show that the thief was most commonly the most trusted person in the organization, the person who never takes vacation (which is important if you need to cover your tracks every day), an employee involved in the accounting department, and have a median age of 48 (older employees tend to be around longer and have advanced in the company to a position that gives them knowledge and the access to commit fraud). The study also notes that, again, small businesses are the most at-risk. So what should be done? The answer is relatively simple: Engage your CPA firm to conduct an internal control study and make recommendations for change, as well as for ongoing monitoring. That monitoring should include internal monitoring by other employees, but should also include periodic monitoring by the CPA firm. Even if the benefits and positive financial impact noted above is completely ignored and one only thinks about the immediate costs of control, there is obviously an upfront and ongoing cost to putting in these controls, but the cost from not having these controls can be staggering. The sad thing is that these losses are preventable, but not if business owners, governmental leaders, and boards of directors fail to take action.

by Gregory S. Dowell F  or those who harbor superstitions, writing an article about risk on the day of Friday the 13th might seem to be ill-advised. On the flip side, perhaps there is no better day to consider the issue than on a date famously associated with bad luck. Many of us join boards of charitable organizations or nonprofits so that we can serve a cause that is important to us. Sure, your business may also encourage such participation or you may want to bolster your resume as well but, in the end, the vast majority of us choose to serve because we care. In virtually every case, service on a board comes without monetary compensation. It is a surprise, then, for many people when they consider that they can actually be sued for their actions when serving on a nonprofit or charitable board. In such a situation, it would be the exact opposite of compensation, in that a board member ends up paying for the pleasure of serving for no monetary compensation. Depending on the nature of the entity’s underlying work, the risks of serving on a board can be very real. Consider, for instance, a board member who might serve on the board of an organization that builds houses for the homeless. Many things can go wrong in the building of a home, and construction is an inherently dangerous business. If someone is injured or killed at the work site, it could be quite likely that a board member could be sued for damages. Recognizing these risks, director’s and officer’s insurance (commonly called D & O insurance) is offered by some insurance carriers and can be purchased by a board to protect its members. While the insurance premiums may not be expensive when compared to the potential risks, bear in mind that the entity asked to pay for the premiums is probably operating on a very tight budget. Regardless of the budget, however, those who serve on nonprofit and charitable boards must consider their exposure. Realistically, even a very small organization may want to prioritize this payment, even if it means that board members individually agree to chip in from their own savings to pay for the premium. To determine if D & O insurance is necessary, a board should reflect on its inherent risks and the risks of the organization. Before agreeing to serve on a board, an individual should stop and consider the risks. The more one knows about the organization and how it operates, the better. These are be some issues to consider: What does the organization do – from a granular level on up? What other entities or businesses are involved in the business processes of the organization? Is the underlying nature of the organization’s mission fraught with risk? Does the organization have strong leadership and a board that is involved? A strong leader with a weak board can be a recipe for disaster. Does the board meet regularly and maintain good records of its activities? Does the organization and the board insist on good internal controls over its financial functions? Are duties segregated as best as possible, and is there reasonable oversight of the accounting and banking functions? Is the organization in compliance with its Federal and State tax filing requirements? Is the organization properly registered with the State’s governing body (often, the Attorney General or the Secretary of State)? Has the organization complied with the need for a certified audit of its financial statements? Will you allocate the necessary time to execute your responsibilities and to be involved at an appropriate level? Does the volunteer work put you in a potential conflict position with any other volunteer work you do, or perhaps with your business interests or your employer? Does the board have D & O insurance and, if not, why not? Serving on a board can be fulfilling, perhaps even life-changing. Most importantly, it can be incredibly rewarding from a personal standpoint. It is an important obligation and should not be lightly undertaken. That said, most of us need to consider the risk of service and determine if we want to accept that risk. Just as we accept that we buy house insurance to protect our homes and property, life insurance to protect our loved ones, and health insurance to protect our health and our wealth, we should also consider the need to buy D & O insurance if we choose to serve on a board.